Control: forwarded -1 https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
On Tue, May 28, 2024 at 5:24 PM Moritz Mühlenhoff <j...@inutil.org> wrote: > CVE-2024-36472[0]: > | In GNOME Shell through 45.7, a portal helper can be launched > | automatically (without user confirmation) based on network responses > | provided by an adversary (e.g., an adversary who controls the local > | Wi-Fi network), and subsequently loads untrusted JavaScript code, > | which may lead to resource consumption or other impacts depending on > | the JavaScript code's behavior. The initial GNOME issue was closed already (the CVE was requested by someone who is not a GNOME developer). But GNOME Shell may change the workflow for the captive portal helper so we can leave this bug open, pointing to the new issue that was opened upstream. Thank you, Jeremy Bícha
