CVE Vulnerabilities

CVE-2024-34397

Authentication Bypass by Spoofing

Published: May 07, 2024 | Modified: Jun 18, 2025
CVSS 3.x: N/A
Source: NVD
CVSS 2.x
RedHat/V2
RedHat/V3: 3.8 MODERATE (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N)
Ubuntu: MEDIUM

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

Weakness

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Affected Software

| Name | Vendor | Start Version | End Version |
| --- | --- | --- | --- |
| Glib | Gnome | * | 2.78.5 (excluding) |
| Glib | Gnome | 2.79.0 (including) | 2.80.1 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | glib2-0:2.56.4-166.el8_10 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | glib2-0:2.56.4-8.el8_2.2 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | glib2-0:2.56.4-10.el8_4.2 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | RedHat | glib2-0:2.56.4-10.el8_4.2 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | glib2-0:2.56.4-158.el8_6.2 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | glib2-0:2.56.4-158.el8_6.2 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | glib2-0:2.56.4-158.el8_6.2 | * |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | glib2-0:2.56.4-162.el8_8 | * |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | glib2-0:2.56.4-162.el8_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | rhel9/toolbox:9.4-12.1725906880 | * |
| Red Hat Enterprise Linux 9 | RedHat | ubi9/toolbox:9.4-12.1725906880 | * |
| Red Hat Enterprise Linux 9 | RedHat | glib2-0:2.68.4-14.el9_4.1 | * |
| Red Hat Enterprise Linux 9 | RedHat | mingw-glib2-0:2.78.6-1.el9 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | glib2-0:2.68.4-7.el9_2 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-config-sync-rhel9:1.4.7-3 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-flow-collector-rhel9:1.4.7-3 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-operator-bundle:1.4.7-4 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-router-rhel9:2.4.3-7 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-service-controller-rhel9:1.4.7-3 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-site-controller-rhel9:1.4.7-3 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-config-sync-rhel9:1.4.7-2 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-flow-collector-rhel9:1.4.7-2 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-operator-bundle:1.4.7-2 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-router-rhel9:2.4.3-6 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-service-controller-rhel9:1.4.7-2 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-site-controller-rhel9:1.4.7-2 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-config-sync-rhel9:1.5.5-4 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-4 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-controller-podman-rhel9:1.5.5-4 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-flow-collector-rhel9:1.5.5-4 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-operator-bundle:1.5.5-4 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-router-rhel9:2.5.3-6 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-service-controller-rhel9:1.5.5-4 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-site-controller-rhel9:1.5.5-4 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-config-sync-rhel9:1.5.5-3 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-3 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-controller-podman-rhel9:1.5.5-3 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-flow-collector-rhel9:1.5.5-3 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-operator-bundle:1.5.5-3 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-router-rhel9:2.5.3-5 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-service-controller-rhel9:1.5.5-3 | * |
| Service Interconnect 1 for RHEL 9 | RedHat | service-interconnect/skupper-site-controller-rhel9:1.5.5-3 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-agent-rhel8:sha256:a891aa3f77d70d9d7966dfc71ff9087f45deb95d3025072da96a3ec5220db1f3 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-all-in-one-rhel8:sha256:d9ca4a9ec5bc8de23e4550387f822f19949cdfbc4aeeab20e07b206d92f4a426 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-collector-rhel8:sha256:438037a860968172a29c12ef14353081a5fd45ffe2e5dcccd3ab5486a5824578 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-es-index-cleaner-rhel8:sha256:d0ee4c371754848f57e6b7c5fcf716a7d830cd72b65b8aeb30e78a8e26b40548 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-es-rollover-rhel8:sha256:1c4617b035c66b6b34e9b19f618f72a19da5fce644d79e24eb262f14c848bc81 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-ingester-rhel8:sha256:1784f71c94bd42380b88033411db9bb912ad2f321a8a6d8d7c49e029263ef714 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-operator-bundle:sha256:be3feca3b19ac609e5ef829887b6d03ca3c504163ed0f9e10b2410cdfb175b72 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-query-rhel8:sha256:201d1bd33f7e22c463aaf94b4f84e4610f129affd8a96efb8722aabfbc612bfd | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-rhel8-operator:sha256:b29bd499f9889e6de6728e4f8e5d18bf59ed8bd46c6fb598bf6fee150bf49449 | * |
| Glib2.0 | Ubuntu | devel | * |
| Glib2.0 | Ubuntu | esm-infra/focal | * |
| Glib2.0 | Ubuntu | focal | * |
| Glib2.0 | Ubuntu | jammy | * |
| Glib2.0 | Ubuntu | mantic | * |
| Glib2.0 | Ubuntu | noble | * |
| Glib2.0 | Ubuntu | oracular | * |
| Glib2.0 | Ubuntu | plucky | * |
| Glib2.0 | Ubuntu | trusty/esm | * |

References