Release Date: | 2021-02-08 |
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
See more information about CVE-2020-14391 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.
Base Score: | 5.5 | Base Metrics: | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Access Vector: | Local network | Attack Complexity: | Low |
Privileges Required: | Low | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | High |
Integrity Impact: | None | Availability Impact: | None |
Platform | Errata | Release Date |
Oracle Linux version 8 (LibRaw) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (PackageKit) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (dleyna-renderer) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (frei0r-plugins) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gdm) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gnome-control-center) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gnome-photos) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gnome-remote-desktop) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gnome-session) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gnome-settings-daemon) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gnome-shell) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gnome-shell-extensions) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gnome-terminal) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gsettings-desktop-schemas) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gtk-doc) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gtk3) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (gvfs) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (libsoup) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (mutter) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (nautilus) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (pipewire) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (pipewire0.2) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (potrace) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (pygobject3) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (tracker) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (vte291) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (webkit2gtk3) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (webrtc-audio-processing) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (xdg-desktop-portal) | ELSA-2020-4451 | 2020-11-10 |
Oracle Linux version 8 (xdg-desktop-portal-gtk) | ELSA-2020-4451 | 2020-11-10 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team