CVE-2013-7374

medium

Description

The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date.

References

https://bugs.launchpad.net/ubuntu/%2Bsource/indicator-datetime/%2Bbug/1246812

http://www.ubuntu.com/usn/USN-2186-1

http://www.openwall.com/lists/oss-security/2014/04/30/1

http://www.openwall.com/lists/oss-security/2014/04/29/3

http://bazaar.launchpad.net/~indicator-applet-developers/indicator-datetime/trunk.13.10/revision/282

Details

Source: Mitre, NVD

Published: 2014-05-01

Updated: 2014-07-18

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium