| Title | GNOME NetworkManager における情報漏えいに関する脆弱性 |
|---|---|
| Summary | GNOME NetworkManager には、情報漏えいに関する脆弱性が存在します。 |
| Possible impacts | 情報を取得される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | May 14, 2018, midnight |
| Registration Date | May 24, 2018, 3:29 p.m. |
| Last Update | May 24, 2018, 3:29 p.m. |
| CVSS3.0 : 重要 | |
| Score | 7.5 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVSS2.0 : 警告 | |
| Score | 5 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| GNOME Project |
| NetworkManager 1.10.2 およびそれ以前 |
| Canonical |
| Ubuntu |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2018年05月24日] 掲載 |
May 24, 2018, 3:29 p.m. |
| Summary | GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. |
|---|---|
| Publication Date | March 20, 2018, 10:29 p.m. |
| Registration Date | March 1, 2021, 6:39 p.m. |
| Last Update | Nov. 21, 2024, 12:39 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:gnome:networkmanager:*:*:*:*:*:*:*:* | 1.10.2 | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:* | |||||