QwikSec

Security Database

CVE

CWE

Training

CVE-2021-23556

Published: Mar 17, 2022

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

6.4

MEDIUM

Description

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands.

Vendor	Product	Versions
n/a	guake	affected `unspecified - < 3.8.5`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

References

https://github.com/Guake/guake/issues/1796

x_refsource_MISC

https://snyk.io/vuln/SNYK-PYTHON-GUAKE-2386334

x_refsource_MISC

https://github.com/Guake/guake/pull/2017

x_refsource_MISC

https://github.com/Guake/guake/pull/2017/commits/e3d671120bfe7ba28f50e256cc5e8a629781b888

x_refsource_MISC

https://github.com/Guake/guake/releases

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.