Vulnerability details: VCID-wd4d-axry-aaas
Vulnerability ID VCID-wd4d-axry-aaas
Aliases CVE-2024-36472
Summary In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Weaknesses (1)
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36472.json
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-36472
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2024-36472
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2024-36472
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
ssvc Track https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
No exploits are available.
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36472.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T18:48:35Z/ Found at https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
Exploit Prediction Scoring System (EPSS)
Percentile 0.05086
EPSS Score 0.00029
Published At April 4, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-05-29T00:36:21.305638+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 34.0.0rc4