{"id":"CVE-2019-12795","details":"daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)","modified":"2026-04-11T12:42:22.580165Z","published":"2019-06-11T22:29:06.560Z","related":["ALSA-2019:3553","MGASA-2019-0214","SUSE-SU-2019:1717-1","SUSE-SU-2024:2681-1","openSUSE-SU-2019:1697-1","openSUSE-SU-2019:1699-1","openSUSE-SU-2024:10838-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"},{"type":"WEB","url":"http://www.securityfocus.com/bid/108741"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"},{"type":"WEB","url":"https://usn.ubuntu.com/4053-1/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3553"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/gvfs","events":[{"introduced":"0"},{"fixed":"e178d606bc67a717e71af2c67b1739e21b1b65ec"},{"introduced":"a4de94e6267bbb28993ef824ead56bceb7f9bb68"},{"fixed":"b7dc2daf2af667f1816ecdb8561c5a21beca85a8"},{"introduced":"0"},{"fixed":"08c68c550550eccbecbf7a50c7efbae69122c861"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.38.3"},{"introduced":"1.40.0"},{"fixed":"1.40.2"},{"introduced":"1.41.0"},{"fixed":"1.41.3"}]}},{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/gvfs","events":[{"introduced":"0"},{"fixed":"70dbfc68a79faac49bd3423e079cb6902522082a"},{"fixed":"d8c9138bf240975848b1c54db648ec4cd516a48f"},{"fixed":"e3808a1b4042761055b1d975333a8243d67b8bfe"}]}],"versions":["1.10.0","1.11.3","1.11.4","1.11.5","1.12.0","1.12.1","1.13.0","1.13.1","1.13.2","1.13.3","1.13.4","1.13.5","1.13.6","1.13.7","1.13.8","1.13.9","1.14.0","1.15.0","1.15.1","1.15.2","1.15.3","1.15.4","1.16.0","1.17.0","1.17.1","1.17.2","1.17.3","1.17.90","1.18.0","1.18.1","1.18.2","1.19.1","1.19.2","1.19.3","1.19.4","1.19.5","1.19.90","1.20.0","1.21.1","1.21.2","1.21.3","1.21.4","1.21.90","1.21.92","1.22.0","1.23.1","1.23.2","1.23.3","1.23.4","1.23.90","1.23.92","1.24.0","1.25.1","1.25.2","1.25.3","1.25.4","1.25.4.1","1.25.90","1.25.91","1.25.92","1.26.0","1.26.1","1.26.1.1","1.26.2","1.27.3","1.27.4","1.27.90","1.27.91","1.27.92","1.28.0","1.28.1","1.29.1","1.29.2","1.29.3","1.29.4","1.29.90","1.29.91","1.29.92","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.30.0","1.31.1","1.31.2","1.31.3","1.31.4","1.31.90","1.31.91","1.31.92","1.32.0","1.33.1","1.33.3","1.33.90","1.33.91","1.33.92","1.34.0","1.35.1","1.35.2","1.35.3","1.35.4","1.35.90","1.35.91","1.35.92","1.36.0","1.37.1","1.37.2","1.37.4","1.37.90","1.37.91","1.38.0","1.38.1","1.38.2","1.39.1","1.39.3","1.39.4","1.39.90","1.39.91","1.39.92","1.4.0","1.40.0","1.40.1","1.41.1","1.41.2","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.7.0","1.7.1","1.7.2","1.7.3","1.9.0","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","GVFS_0_0_1","GVFS_0_0_2","GVFS_0_1_0","GVFS_0_1_1","GVFS_0_1_10","GVFS_0_1_11","GVFS_0_1_2","GVFS_0_1_3","GVFS_0_1_4","GVFS_0_1_5","GVFS_0_1_6","GVFS_0_1_7","GVFS_0_1_8","GVFS_0_1_9","GVFS_0_2_0","GVFS_0_2_0_1","GVFS_0_2_1","GVFS_0_2_2","GVFS_0_2_4","GVFS_0_99_1","GVFS_0_99_2","GVFS_0_99_3","GVFS_0_99_4","GVFS_0_99_5","GVFS_0_99_6","GVFS_0_99_7","GVFS_1_1_1","GVFS_1_1_2","GVFS_1_1_3","GVFS_1_1_4","GVFS_1_1_5","GVFS_1_1_6","GVFS_1_1_7","GVFS_1_1_8","GVFS_1_2_1","GVFS_1_2_2"],"database_specific":{"vanir_signatures":[{"target":{"file":"daemon/gvfsdaemon.c","function":"g_vfs_daemon_finalize"},"signature_type":"Function","deprecated":false,"id":"CVE-2019-12795-099c33e6","source":"https://gitlab.gnome.org/GNOME/gvfs@70dbfc68a79faac49bd3423e079cb6902522082a","digest":{"function_hash":"260847502622409619292779471927008858971","length":788},"signature_version":"v1"},{"target":{"file":"daemon/gvfsdaemon.c","function":"handle_get_connection"},"signature_type":"Function","deprecated":false,"id":"CVE-2019-12795-1736f68d","source":"https://gitlab.gnome.org/GNOME/gvfs@e3808a1b4042761055b1d975333a8243d67b8bfe","digest":{"function_hash":"122317140833222875799533544001559550918","length":881},"signature_version":"v1"},{"target":{"file":"daemon/gvfsdaemon.c","function":"g_vfs_daemon_init"},"signature_type":"Function","deprecated":false,"id":"CVE-2019-12795-243cfe05","source":"https://gitlab.gnome.org/GNOME/gvfs@e3808a1b4042761055b1d975333a8243d67b8bfe","digest":{"function_hash":"45335142991908048850859058299857565986","length":1683},"signature_version":"v1"},{"target":{"file":"daemon/gvfsdaemon.c","function":"g_vfs_daemon_init"},"signature_type":"Function","deprecated":false,"id":"CVE-2019-12795-26b384e6","source":"https://gitlab.gnome.org/GNOME/gvfs@70dbfc68a79faac49bd3423e079cb6902522082a","digest":{"function_hash":"45335142991908048850859058299857565986","length":1683},"signature_version":"v1"},{"target":{"file":"daemon/gvfsdaemon.c","function":"g_vfs_daemon_finalize"},"signature_type":"Function","deprecated":false,"id":"CVE-2019-12795-6564d210","source":"https://gitlab.gnome.org/GNOME/gvfs@e3808a1b4042761055b1d975333a8243d67b8bfe","digest":{"function_hash":"260847502622409619292779471927008858971","length":788},"signature_version":"v1"},{"target":{"file":"daemon/gvfsdaemon.c","function":"handle_get_connection"},"signature_type":"Function","deprecated":false,"id":"CVE-2019-12795-6a721d2c","source":"https://gitlab.gnome.org/GNOME/gvfs@d8c9138bf240975848b1c54db648ec4cd516a48f","digest":{"function_hash":"122317140833222875799533544001559550918","length":881},"signature_version":"v1"},{"target":{"file":"daemon/gvfsdaemon.c","function":"g_vfs_daemon_init"},"signature_type":"Function","deprecated":false,"id":"CVE-2019-12795-8685fad0","source":"https://gitlab.gnome.org/GNOME/gvfs@d8c9138bf240975848b1c54db648ec4cd516a48f","digest":{"function_hash":"45335142991908048850859058299857565986","length":1683},"signature_version":"v1"},{"target":{"file":"daemon/gvfsdaemon.c"},"signature_type":"Line","deprecated":false,"id":"CVE-2019-12795-894cb75a","source":"https://gitlab.gnome.org/GNOME/gvfs@70dbfc68a79faac49bd3423e079cb6902522082a","digest":{"threshold":0.9,"line_hashes":["202250683871061836011757592528105526267","201515347353904563617957138196383894103","4475450305315191071107058679750007501","24713737879894399815118231771454515989","18683510416179814490481082309098974202","309028196496005031498698124258079682922","149084874730935543806618573127165592157","204331926161744637474946895562570874144","70876256530375104550855307606044083304","126906244417576701741993537493109047124","220762000836528630128511943658518269288","312129091379922289298716051949334978477","328440218195079683635530675818577656548","162662242332415065681266821072996997654","29127584062838663407548935586734896295","148385315265121300316597790381879520220","260994257354779420739327764368110071050","186574111959266575641265468925696768397"]},"signature_version":"v1"},{"target":{"file":"daemon/gvfsdaemon.c","function":"g_vfs_daemon_finalize"},"signature_type":"Function","deprecated":false,"id":"CVE-2019-12795-9bdbecdb","source":"https://gitlab.gnome.org/GNOME/gvfs@d8c9138bf240975848b1c54db648ec4cd516a48f","digest":{"function_hash":"260847502622409619292779471927008858971","length":788},"signature_version":"v1"},{"target":{"file":"daemon/gvfsdaemon.c"},"signature_type":"Line","deprecated":false,"id":"CVE-2019-12795-b3060bce","source":"https://gitlab.gnome.org/GNOME/gvfs@d8c9138bf240975848b1c54db648ec4cd516a48f","digest":{"threshold":0.9,"line_hashes":["202250683871061836011757592528105526267","201515347353904563617957138196383894103","4475450305315191071107058679750007501","24713737879894399815118231771454515989","18683510416179814490481082309098974202","309028196496005031498698124258079682922","149084874730935543806618573127165592157","204331926161744637474946895562570874144","70876256530375104550855307606044083304","126906244417576701741993537493109047124","220762000836528630128511943658518269288","312129091379922289298716051949334978477","328440218195079683635530675818577656548","162662242332415065681266821072996997654","29127584062838663407548935586734896295","148385315265121300316597790381879520220","260994257354779420739327764368110071050","186574111959266575641265468925696768397"]},"signature_version":"v1"},{"target":{"file":"daemon/gvfsdaemon.c","function":"handle_get_connection"},"signature_type":"Function","deprecated":false,"id":"CVE-2019-12795-dcbbf5e8","source":"https://gitlab.gnome.org/GNOME/gvfs@70dbfc68a79faac49bd3423e079cb6902522082a","digest":{"function_hash":"122317140833222875799533544001559550918","length":881},"signature_version":"v1"},{"target":{"file":"daemon/gvfsdaemon.c"},"signature_type":"Line","deprecated":false,"id":"CVE-2019-12795-fe01d51c","source":"https://gitlab.gnome.org/GNOME/gvfs@e3808a1b4042761055b1d975333a8243d67b8bfe","digest":{"threshold":0.9,"line_hashes":["202250683871061836011757592528105526267","201515347353904563617957138196383894103","4475450305315191071107058679750007501","24713737879894399815118231771454515989","18683510416179814490481082309098974202","309028196496005031498698124258079682922","149084874730935543806618573127165592157","204331926161744637474946895562570874144","70876256530375104550855307606044083304","126906244417576701741993537493109047124","220762000836528630128511943658518269288","312129091379922289298716051949334978477","328440218195079683635530675818577656548","162662242332415065681266821072996997654","29127584062838663407548935586734896295","148385315265121300316597790381879520220","260994257354779420739327764368110071050","186574111959266575641265468925696768397"]},"signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T12:42:22Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12795.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}