Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2020-16125 - log back

CVE-2020-16125 edited at 04 Nov 2020 13:34:36

Severity

-	Unknown
+	High

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Privilege escalation

Description

+	gdm before 3.38.2 can be tricked into launching gnome-initial-setup, enabling an unprivileged user to create a new user account for themselves. The new account is a member of the sudo group, so this enables the unprivileged user to obtain admin privileges.

References

+	https://gitlab.gnome.org/GNOME/gdm/-/issues/642

Notes

CVE-2020-16125 created at 04 Nov 2020 13:33:19