Bug 2088691 (CVE-2022-1736)

Summary: CVE-2022-1736 gnome-control-center: GNOME Settings could allow unintended access to network services.
Product: [Other] Security Response
Reporter: Avinash Hanwate <ahanwate>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: low
Priority: low
Version: unspecified
CC: bberg, cgarnach, feborges, gnome-sig, walter.pete
Target Milestone: ---
Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Doc Text:
A vulnerability was found in GNOME Control Center. When turning off RDP Remote Desktop Sharing with gnome-control-center, it would only turn off RDP sharing for the current session. RDP Sharing was enabled again without any additional user interaction or notification upon logging back in.
Last Closed: 2022-05-30 10:51:34 UTC
Bug Depends On: 2090743, 2090746, 2090747    
Bug Blocks: 2088692    

Description Avinash Hanwate 2022-05-20 05:42:11 UTC
It was discovered that GNOME Settings incorrectly handled the remote desktop sharing configuration. When turning off desktop sharing, it may be turned on again after rebooting, contrary to expectations.

References:
  https://ubuntu.com/security/notices/USN-5430-1
  https://launchpad.net/ubuntu/+source/gnome-control-center/1:41.4-1ubuntu13.2

Comment 2 Sandipan Roy 2022-05-26 13:21:18 UTC
Created gnome-control-center tracking bugs for this issue:

Affects: fedora-all [bug 2090743]