Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2024-34397

Authentication Bypass by Spoofing

Published: May 07, 2024 | Modified: Jun 18, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
3.8 MODERATE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-34397
CWEhttps://cwe.mitre.org/data/definitions/290.html

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

Weakness

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Affected Software

Name Vendor Start Version End Version
Glib Gnome * 2.78.5 (excluding)
Glib Gnome 2.79.0 (including) 2.80.1 (excluding)
Red Hat Enterprise Linux 8 RedHat glib2-0:2.56.4-166.el8_10 *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat glib2-0:2.56.4-8.el8_2.2 *
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support RedHat glib2-0:2.56.4-10.el8_4.2 *
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On RedHat glib2-0:2.56.4-10.el8_4.2 *
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support RedHat glib2-0:2.56.4-158.el8_6.2 *
Red Hat Enterprise Linux 8.6 Telecommunications Update Service RedHat glib2-0:2.56.4-158.el8_6.2 *
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions RedHat glib2-0:2.56.4-158.el8_6.2 *
Red Hat Enterprise Linux 8.8 Telecommunications Update Service RedHat glib2-0:2.56.4-162.el8_8 *
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions RedHat glib2-0:2.56.4-162.el8_8 *
Red Hat Enterprise Linux 9 RedHat rhel9/toolbox:9.4-12.1725906880 *
Red Hat Enterprise Linux 9 RedHat ubi9/toolbox:9.4-12.1725906880 *
Red Hat Enterprise Linux 9 RedHat glib2-0:2.68.4-14.el9_4.1 *
Red Hat Enterprise Linux 9 RedHat mingw-glib2-0:2.78.6-1.el9 *
Red Hat Enterprise Linux 9 RedHat glib2-0:2.68.4-14.el9_4.1 *
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions RedHat glib2-0:2.68.4-7.el9_2 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-config-sync-rhel9:1.4.7-3 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-flow-collector-rhel9:1.4.7-3 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-operator-bundle:1.4.7-4 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-router-rhel9:2.4.3-7 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-service-controller-rhel9:1.4.7-3 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-site-controller-rhel9:1.4.7-3 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-config-sync-rhel9:1.4.7-2 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-flow-collector-rhel9:1.4.7-2 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-operator-bundle:1.4.7-2 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-router-rhel9:2.4.3-6 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-service-controller-rhel9:1.4.7-2 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-site-controller-rhel9:1.4.7-2 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-config-sync-rhel9:1.5.5-4 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-4 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-controller-podman-rhel9:1.5.5-4 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-flow-collector-rhel9:1.5.5-4 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-operator-bundle:1.5.5-4 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-router-rhel9:2.5.3-6 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-service-controller-rhel9:1.5.5-4 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-site-controller-rhel9:1.5.5-4 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-config-sync-rhel9:1.5.5-3 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-3 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-controller-podman-rhel9:1.5.5-3 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-flow-collector-rhel9:1.5.5-3 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-operator-bundle:1.5.5-3 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-router-rhel9:2.5.3-5 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-service-controller-rhel9:1.5.5-3 *
Service Interconnect 1 for RHEL 9 RedHat service-interconnect/skupper-site-controller-rhel9:1.5.5-3 *
Red Hat OpenShift distributed tracing 3.6.1 RedHat registry.redhat.io/rhosdt/jaeger-agent-rhel8:sha256:389b9cbd0f05d3d773edc2c06aa73818307cbb25048bddf4f192a992670b6fb4 *
Red Hat OpenShift distributed tracing 3.6.1 RedHat registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8:sha256:3b00e2fec645e140fa304e5823bcb1d0fcd1ddac7f4cbf6e9a9c0fbeaf29682d *
Red Hat OpenShift distributed tracing 3.6.1 RedHat registry.redhat.io/rhosdt/jaeger-collector-rhel8:sha256:addf7b49ce99777a3bbf12c2e6678b604f3cfaf91feaaeb4192d75e902e46458 *
Red Hat OpenShift distributed tracing 3.6.1 RedHat registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8:sha256:3d98512aaa924e0e1c9f3b5ab6b405cb4f4a3f3b5225aefa54f1b2abfbe3d769 *
Red Hat OpenShift distributed tracing 3.6.1 RedHat registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8:sha256:b91fe4769ad1e0cf809e3db4d494a5526608b2fa2114fc5e28624372858bb203 *
Red Hat OpenShift distributed tracing 3.6.1 RedHat registry.redhat.io/rhosdt/jaeger-ingester-rhel8:sha256:2e6d535aa3208ca8ae1bc588393c8bc499c4bfb452aceca047523502ddffa0ed *
Red Hat OpenShift distributed tracing 3.6.1 RedHat registry.redhat.io/rhosdt/jaeger-operator-bundle:sha256:be3feca3b19ac609e5ef829887b6d03ca3c504163ed0f9e10b2410cdfb175b72 *
Red Hat OpenShift distributed tracing 3.6.1 RedHat registry.redhat.io/rhosdt/jaeger-query-rhel8:sha256:201d1bd33f7e22c463aaf94b4f84e4610f129affd8a96efb8722aabfbc612bfd *
Red Hat OpenShift distributed tracing 3.6.1 RedHat registry.redhat.io/rhosdt/jaeger-rhel8-operator:sha256:8d7c966e19b03dc4b7f123c9f4096ed4267be5596d08958f4c75a88b3bc541da *
Glib2.0 Ubuntu devel *
Glib2.0 Ubuntu esm-infra/focal *
Glib2.0 Ubuntu focal *
Glib2.0 Ubuntu jammy *
Glib2.0 Ubuntu mantic *
Glib2.0 Ubuntu noble *
Glib2.0 Ubuntu oracular *
Glib2.0 Ubuntu plucky *
Glib2.0 Ubuntu trusty/esm *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use