GNOME's Help Browser Affected By A Serious Security Issue For Arbitrary File Reads

Karna@lemmy.ml · 4 days ago

GNOME's Help Browser Affected By A Serious Security Issue For Arbitrary File Reads

setVeryLoud(true);@lemmy.ca · 4 days ago

Ouch, how did this happen, and why have patches sat unreviewed?

anamethatisnt@sopuli.xyz · 4 days ago

Here they talk about the issue and its limitations and it seems they missed the workaround mentioned below in the writeup:
https://gitlab.gnome.org/GNOME/yelp/-/issues/221#note_2392999

This attack has some limitations:

Attacker needs to know the unix username of the victim.

Browsers ask the user for permission on redirects to custom schemes.

However, the initial current working directory (CWD) of applications started by GNOME (e.g., using Alt+F2 or dock shortcuts) is the user’s home directory. As a result, the CWD of Chrome and Firefox is also set to the user’s home directory. We can abuse this behavior to point to the victim’s Downloads folder and bypass the first condition.

https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2

GNOME's Help Browser Affected By A Serious Security Issue For Arbitrary File Reads

GNOME's Help Browser Affected By A Serious Security Issue For Arbitrary File Reads

Attention Required! | Cloudflare