CVE-2020-28049 log

Severity Medium
Remote No
Type Privilege escalation
A local privilege escalation has been discovered in the sddm display manager < 0.19.0. If the auth file is empty, X allows any local application (= any user on the system) to connect. This is currently the case until X wrote the display number to sddm and sddm used that to write the entry into the file.
Group Package Affected Fixed Severity Status Ticket
AVG-1266 sddm 0.18.1-3 0.19.0-1 Medium Fixed
Date Advisory Group Package Severity Type
10 Nov 2020 ASA-202011-8 AVG-1266 sddm Medium privilege escalation