QwikSec

Security Database

CVE

CWE

Training

CVE-2020-28049

Published: Nov 4, 2020

Modified: Oct 15, 2024

PUBLISHED

Description

An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/sddm/sddm/releases

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-28049

https://github.com/sddm/sddm/blob/v0.19.0/ChangeLog

vendor-advisory

[debian-lts-announce] 20201106 [SECURITY] [DLA 2436-1] sddm security update

mailing-list

openSUSE-SU-2020:1870

vendor-advisory

FEDORA-2021-7066b95c99

vendor-advisory

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.