CVE-2019-14822
Public on 2019-11-25
Modified on 2020-11-11
Description
A flaw was discovered in ibus that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | ibus | 2020-11-09 | ALAS2-2020-1555 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.1 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
| NVD | CVSSv2 | 3.6 | AV:L/AC:L/Au:N/C:P/I:P/A:N |
| NVD | CVSSv3 | 7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |