{"id":"CVE-2019-12449","details":"An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.","modified":"2026-04-10T04:15:30.904326Z","published":"2019-05-29T17:29:00.383Z","related":["ALSA-2020:1766","MGASA-2019-0214","SUSE-SU-2019:1717-1","openSUSE-SU-2019:1697-1","openSUSE-SU-2019:1699-1","openSUSE-SU-2024:10838-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/07/09/3"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4053-1/"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/gvfs","events":[{"introduced":"8baec79ab9cb2cb86095b071f3a40f7f6a751ef6"},{"last_affected":"769d0b47a88eff3ca14d34346491b2961e17ecd5"}],"database_specific":{"versions":[{"introduced":"1.29.4"},{"last_affected":"1.41.2"}]}},{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/gvfs","events":[{"introduced":"0"},{"fixed":"409619412e11be146a31b9a99ed965925f1aabb8"}]}],"versions":["1.10.0","1.11.3","1.11.4","1.11.5","1.12.0","1.12.1","1.13.0","1.13.1","1.13.2","1.13.3","1.13.4","1.13.5","1.13.6","1.13.7","1.13.8","1.13.9","1.14.0","1.15.0","1.15.1","1.15.2","1.15.3","1.15.4","1.16.0","1.17.0","1.17.1","1.17.2","1.17.3","1.17.90","1.18.0","1.18.1","1.18.2","1.19.1","1.19.2","1.19.3","1.19.4","1.19.5","1.19.90","1.20.0","1.21.1","1.21.2","1.21.3","1.21.4","1.21.90","1.21.92","1.22.0","1.23.1","1.23.2","1.23.3","1.23.4","1.23.90","1.23.92","1.24.0","1.25.1","1.25.2","1.25.3","1.25.4","1.25.4.1","1.25.90","1.25.91","1.25.92","1.26.0","1.26.1","1.26.1.1","1.26.2","1.27.3","1.27.4","1.27.90","1.27.91","1.27.92","1.28.0","1.28.1","1.29.1","1.29.2","1.29.3","1.29.4","1.29.90","1.29.91","1.29.92","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.30.0","1.31.1","1.31.2","1.31.3","1.31.4","1.31.90","1.31.91","1.31.92","1.32.0","1.33.1","1.33.3","1.33.90","1.33.91","1.33.92","1.34.0","1.35.1","1.35.2","1.35.3","1.35.4","1.35.90","1.35.91","1.35.92","1.36.0","1.37.1","1.37.2","1.37.4","1.37.90","1.37.91","1.38.0","1.39.1","1.39.3","1.39.4","1.39.90","1.39.91","1.39.92","1.4.0","1.40.0","1.41.1","1.41.2","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.7.0","1.7.1","1.7.2","1.7.3","1.9.0","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","GVFS_0_0_1","GVFS_0_0_2","GVFS_0_1_0","GVFS_0_1_1","GVFS_0_1_10","GVFS_0_1_11","GVFS_0_1_2","GVFS_0_1_3","GVFS_0_1_4","GVFS_0_1_5","GVFS_0_1_6","GVFS_0_1_7","GVFS_0_1_8","GVFS_0_1_9","GVFS_0_2_0","GVFS_0_2_0_1","GVFS_0_2_1","GVFS_0_2_2","GVFS_0_2_4","GVFS_0_99_1","GVFS_0_99_2","GVFS_0_99_3","GVFS_0_99_4","GVFS_0_99_5","GVFS_0_99_6","GVFS_0_99_7","GVFS_1_1_1","GVFS_1_1_2","GVFS_1_1_3","GVFS_1_1_4","GVFS_1_1_5","GVFS_1_1_6","GVFS_1_1_7","GVFS_1_1_8","GVFS_1_2_1","GVFS_1_2_2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]},{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12449.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}]}