Vulnerabilites related to gnome - gnome-shell
CVE-2012-4427 (GCVE-0-2012-4427)
Vulnerability from cvelistv5
Published
2012-10-01 01:00
Modified
2024-08-06 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=779473"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=684215"
},
{
"name": "[oss-security] 20120913 Re: note on gnome shell extensions",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/19"
},
{
"name": "[oss-security] 20120909 note on gnome shell extensions",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/08/1"
},
{
"name": "[oss-security] 20120918 Re: Re: note on gnome shell extensions",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/18/3"
},
{
"name": "[oss-security] 20120913 Re: Re: note on gnome shell extensions",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/26"
},
{
"name": "55556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55556"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-01T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=779473"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=684215"
},
{
"name": "[oss-security] 20120913 Re: note on gnome shell extensions",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/19"
},
{
"name": "[oss-security] 20120909 note on gnome shell extensions",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/08/1"
},
{
"name": "[oss-security] 20120918 Re: Re: note on gnome shell extensions",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/18/3"
},
{
"name": "[oss-security] 20120913 Re: Re: note on gnome shell extensions",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/26"
},
{
"name": "55556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55556"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4427",
"datePublished": "2012-10-01T01:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-08-06T20:35:09.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43090 (GCVE-0-2023-43090)
Vulnerability from cvelistv5
Published
2023-09-22 05:02
Modified
2024-08-02 19:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gnome:gnome-shell:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gnome-shell",
"vendor": "gnome",
"versions": [
{
"status": "unknown",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-19T17:28:47.369532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:59.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-43090"
},
{
"name": "RHBZ#2239087",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239087"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.gnome.org/GNOME/gnome-shell",
"defaultStatus": "unaffected",
"packageName": "gnome-shell",
"versions": [
{
"lessThan": "42.*",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "43.9",
"status": "affected",
"version": "43.0",
"versionType": "custom"
},
{
"lessThan": "44.5",
"status": "affected",
"version": "44.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Mickael Karatekin (SysDream) for reporting this issue."
}
],
"datePublic": "2023-09-15T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GNOME Shell. GNOME Shell\u0027s lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:43:44.302Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-43090"
},
{
"name": "RHBZ#2239087",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239087"
},
{
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990"
},
{
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-15T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-09-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Gnome-shell: screenshot tool allows viewing open windows when session is locked"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-43090",
"datePublished": "2023-09-22T05:02:08.801Z",
"dateReserved": "2023-09-15T07:17:59.705Z",
"dateUpdated": "2024-08-02T19:37:23.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7221 (GCVE-0-2013-7221)
Vulnerability from cvelistv5
Published
2014-04-29 14:00
Modified
2024-08-06 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088"
},
{
"name": "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=708313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the \"Enter a Command\" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-29T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088"
},
{
"name": "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=708313"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the \"Enter a Command\" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/4"
},
{
"name": "https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088"
},
{
"name": "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/8"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=708313",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=708313"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7221",
"datePublished": "2014-04-29T14:00:00",
"dateReserved": "2013-12-27T00:00:00",
"dateUpdated": "2024-08-06T18:01:19.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17489 (GCVE-0-2020-17489)
Vulnerability from cvelistv5
Published
2020-08-11 20:07
Modified
2024-08-04 14:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:47.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
},
{
"name": "USN-4464-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4464-1/"
},
{
"name": "GLSA-202009-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202009-08"
},
{
"name": "[debian-lts-announce] 20200915 [SECURITY] [DLA 2374-1] gnome-shell security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
},
{
"name": "openSUSE-SU-2020:1861",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-07T12:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
},
{
"name": "USN-4464-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4464-1/"
},
{
"name": "GLSA-202009-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202009-08"
},
{
"name": "[debian-lts-announce] 20200915 [SECURITY] [DLA 2374-1] gnome-shell security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
},
{
"name": "openSUSE-SU-2020:1861",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-17489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
},
{
"name": "USN-4464-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4464-1/"
},
{
"name": "GLSA-202009-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202009-08"
},
{
"name": "[debian-lts-announce] 20200915 [SECURITY] [DLA 2374-1] gnome-shell security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
},
{
"name": "openSUSE-SU-2020:1861",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-17489",
"datePublished": "2020-08-11T20:07:26",
"dateReserved": "2020-08-11T00:00:00",
"dateUpdated": "2024-08-04T14:00:47.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20315 (GCVE-0-2021-20315)
Vulnerability from cvelistv5
Published
2022-02-18 00:00
Modified
2024-08-03 17:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | gnome-shell |
Version: gnome-shell 3.32.2-40.el8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gnome-shell",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "gnome-shell 3.32.2-40.el8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the \"Application menu\" or \"Window list\" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20315",
"datePublished": "2022-02-18T00:00:00",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3820 (GCVE-0-2019-3820)
Vulnerability from cvelistv5
Published
2019-02-06 20:00
Modified
2024-08-04 19:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Gnome Project | gnome-shell |
Version: since 3.15.91 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851"
},
{
"name": "USN-3966-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3966-1/"
},
{
"name": "openSUSE-SU-2019:1529",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.html"
},
{
"name": "openSUSE-SU-2019:1582",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00049.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gnome-shell",
"vendor": "The Gnome Project",
"versions": [
{
"status": "affected",
"version": "since 3.15.91"
}
]
}
],
"datePublic": "2019-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-19T01:06:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851"
},
{
"name": "USN-3966-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3966-1/"
},
{
"name": "openSUSE-SU-2019:1529",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.html"
},
{
"name": "openSUSE-SU-2019:1582",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00049.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gnome-shell",
"version": {
"version_data": [
{
"version_value": "since 3.15.91"
}
]
}
}
]
},
"vendor_name": "The Gnome Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.8/CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820"
},
{
"name": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851"
},
{
"name": "USN-3966-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3966-1/"
},
{
"name": "openSUSE-SU-2019:1529",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.html"
},
{
"name": "openSUSE-SU-2019:1582",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00049.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3820",
"datePublished": "2019-02-06T20:00:00",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8288 (GCVE-0-2017-8288)
Vulnerability from cvelistv5
Published
2017-04-27 00:00
Modified
2024-08-05 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/EasyScreenCast/EasyScreenCast/issues/46"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=781728"
},
{
"name": "98070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98070"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.kali.org/view.php?id=2513"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EasyScreenCast/EasyScreenCast/issues/46"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=781728"
},
{
"name": "98070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98070"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.kali.org/view.php?id=2513"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/EasyScreenCast/EasyScreenCast/issues/46",
"refsource": "CONFIRM",
"url": "https://github.com/EasyScreenCast/EasyScreenCast/issues/46"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=781728",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=781728"
},
{
"name": "98070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98070"
},
{
"name": "https://bugs.kali.org/view.php?id=2513",
"refsource": "CONFIRM",
"url": "https://bugs.kali.org/view.php?id=2513"
},
{
"name": "https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1",
"refsource": "CONFIRM",
"url": "https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8288",
"datePublished": "2017-04-27T00:00:00",
"dateReserved": "2017-04-26T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3982 (GCVE-0-2021-3982)
Vulnerability from cvelistv5
Published
2022-04-29 00:00
Modified
2024-08-03 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | gnome-shell |
Version: gnome-shell downstream versions using CAP_SYS_NICE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gnome-shell",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "gnome-shell downstream versions using CAP_SYS_NICE"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-273",
"description": "CWE-273",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-28T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284"
},
{
"url": "https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3982",
"datePublished": "2022-04-29T00:00:00",
"dateReserved": "2021-11-19T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7300 (GCVE-0-2014-7300)
Vulnerability from cvelistv5
Published
2014-12-25 21:00
Modified
2024-08-06 12:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013"
},
{
"name": "RHSA-2015:0535",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0535.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=737456"
},
{
"name": "[oss-security] 20140929 gnome-shell lockscreen bypass with printscreen key",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/09/29/17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-16T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013"
},
{
"name": "RHSA-2015:0535",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0535.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=737456"
},
{
"name": "[oss-security] 20140929 gnome-shell lockscreen bypass with printscreen key",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/09/29/17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013"
},
{
"name": "RHSA-2015:0535",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0535.html"
},
{
"name": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=737456",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=737456"
},
{
"name": "[oss-security] 20140929 gnome-shell lockscreen bypass with printscreen key",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/09/29/17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7300",
"datePublished": "2014-12-25T21:00:00",
"dateReserved": "2014-10-02T00:00:00",
"dateUpdated": "2024-08-06T12:47:32.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7220 (GCVE-0-2013-7220)
Vulnerability from cvelistv5
Published
2014-04-29 14:00
Modified
2024-08-06 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030431"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=686740"
},
{
"name": "[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/4"
},
{
"name": "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/6"
},
{
"name": "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-29T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030431"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=686740"
},
{
"name": "[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/4"
},
{
"name": "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/6"
},
{
"name": "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j",
"refsource": "CONFIRM",
"url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1030431",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030431"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=686740",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=686740"
},
{
"name": "[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/4"
},
{
"name": "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/6"
},
{
"name": "[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7220",
"datePublished": "2014-04-29T14:00:00",
"dateReserved": "2013-12-27T00:00:00",
"dateUpdated": "2024-08-06T18:01:19.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4000 (GCVE-0-2010-4000)
Vulnerability from cvelistv5
Published
2010-11-05 22:00
Modified
2024-09-16 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:26:12.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=644561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-05T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=644561"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=644561",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=644561"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4000",
"datePublished": "2010-11-05T22:00:00Z",
"dateReserved": "2010-10-19T00:00:00Z",
"dateUpdated": "2024-09-16T22:40:43.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-11-06 00:00
Modified
2025-04-11 00:51
Severity ?
Summary
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gnome-shell | 2.31.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:2.31.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E347BBC2-FF2C-44FD-B5D8-8BED3A89DBBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
},
{
"lang": "es",
"value": "gnome-shell en GNOME Shell v2.31.5 pone un nombre de directorio de longitud cero en la variable LD_LIBRARY_PATH, lo que permite a usuarios locales conseguir privilegios a trav\u00e9s de un caballo de Troya en una biblioteca compartida en el directorio de trabajo actual."
}
],
"id": "CVE-2010-4000",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-11-06T00:00:02.627",
"references": [
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=644561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=644561"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-29 17:15
Modified
2024-11-21 06:23
Severity ?
Summary
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gnome-shell | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB26AD18-EB30-48AE-94CD-8573D7D60B34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine."
},
{
"lang": "es",
"value": "Las distribuciones de Linux que usan la funci\u00f3n CAP_SYS_NICE para gnome-shell pueden estar expuestas a un problema de escalada de privilegios. Un atacante, con permisos de bajo privilegio, puede aprovechar la forma en que CAP_SYS_NICE est\u00e1 actualmente implementado y eventualmente cargar c\u00f3digo para aumentar su prioridad de programaci\u00f3n de procesos conllevando a un posible DoS de otros servicios que son ejecutados en la misma m\u00e1quina"
}
],
"id": "CVE-2021-3982",
"lastModified": "2024-11-21T06:23:18.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-29T17:15:19.927",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-273"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-273"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-11 21:15
Modified
2024-11-21 05:08
Severity ?
Summary
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gnome-shell | * | |
| canonical | ubuntu_linux | 20.04 | |
| debian | debian_linux | 9.0 | |
| opensuse | leap | 15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E93A336-4ABA-4C22-BB51-ACDD7F43397C",
"versionEndIncluding": "3.36.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)"
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en determinadas configuraciones de GNOME gnome-shell versiones hasta 3.36.4. Cuando se cierra la sesi\u00f3n de una cuenta, el cuadro de contrase\u00f1a a partir del cuadro de di\u00e1logo de inicio de sesi\u00f3n vuelve a aparecer con la contrase\u00f1a a\u00fan visible. Si el usuario ha decidido que la contrase\u00f1a se muestre en texto sin cifrar en el momento del inicio de sesi\u00f3n, estar\u00e1 visible durante un breve momento al cerrar la sesi\u00f3n. (Si la contrase\u00f1a nunca se mostr\u00f3 en texto sin cifrar, solo la longitud de la contrase\u00f1a es revelada)"
}
],
"id": "CVE-2020-17489",
"lastModified": "2024-11-21T05:08:13.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-11T21:15:10.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202009-08"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4464-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202009-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4464-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-06 20:29
Modified
2024-11-21 04:42
Severity ?
Summary
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gnome-shell | * | |
| gnome | gnome-shell | * | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 42.3 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA753016-F090-40F1-8E02-B9E07D3E771D",
"versionEndExcluding": "3.30.3",
"versionStartIncluding": "3.15.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A98A92EC-864A-4D43-9C48-057CDAB50F17",
"versionEndExcluding": "3.31.5",
"versionStartIncluding": "3.31.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions."
},
{
"lang": "es",
"value": "Se ha descubierto que la pantalla de bloqueo de gnome-shell, desde la versi\u00f3n 3.15.91 no restringi\u00f3 correctamente todas las acciones contextuales. Un atacante con acceso f\u00edsico a una estaci\u00f3n de trabajo bloqueada podr\u00eda invocar ciertos atajos de teclado y, potencialmente, otras acciones."
}
],
"id": "CVE-2019-3820",
"lastModified": "2024-11-21T04:42:36.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 3.7,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-06T20:29:00.290",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00049.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3966-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3966-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-10-01 03:26
Modified
2025-04-11 00:51
Severity ?
Summary
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gnome-shell | 3.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85C39341-601F-434E-96B9-011864C5AE76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page."
},
{
"lang": "es",
"value": "El complemento gnome-shell v3.4.1 en GNOME permite a atacantes remotos forzar la descarga e instalaci\u00f3n de extensiones arbitrarias desde extensions.gnome.org a trav\u00e9s de una p\u00e1gina modificada."
}
],
"id": "CVE-2012-4427",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-01T03:26:16.257",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/08/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/19"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/26"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/18/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55556"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=684215"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=779473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/08/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/18/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=684215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=779473"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-27 00:59
Modified
2025-04-20 01:37
Severity ?
Summary
gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gnome-shell | 3.22.0 | |
| gnome | gnome-shell | 3.22.1 | |
| gnome | gnome-shell | 3.22.2 | |
| gnome | gnome-shell | 3.22.3 | |
| gnome | gnome-shell | 3.23.1 | |
| gnome | gnome-shell | 3.23.2 | |
| gnome | gnome-shell | 3.23.3 | |
| gnome | gnome-shell | 3.23.90 | |
| gnome | gnome-shell | 3.23.91 | |
| gnome | gnome-shell | 3.23.92 | |
| gnome | gnome-shell | 3.24.0 | |
| gnome | gnome-shell | 3.24.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198E17C-7E84-4C2C-BAF3-EC23C3AE06A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "175A072B-5C22-4E7B-B424-D39EC494D2E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD7DE8C-2562-4869-9B71-CF589B657416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.22.3:*:*:*:*:*:*:*",
"matchCriteriaId": "73A9701D-8279-43A5-9C17-95F0E7AE393B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9F5C5E-A869-43C4-964A-53B5F86A1535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "54B578F8-126F-462C-ACA2-050DBA507D16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.23.3:*:*:*:*:*:*:*",
"matchCriteriaId": "28263BD0-7BD0-43FB-9B0C-E5EC76B26D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.23.90:*:*:*:*:*:*:*",
"matchCriteriaId": "C7631BF2-04D3-43A9-A3CE-78A0BA6267D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.23.91:*:*:*:*:*:*:*",
"matchCriteriaId": "CADB6B52-E0FB-4C7E-A713-8911363DF012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.23.92:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAC1907-E75B-4063-B437-2809769D8CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94FEAFD5-762D-4AD8-B4D9-0EDAE4789D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "963F3846-793E-4156-9CF8-DB7595BAB904",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js."
},
{
"lang": "es",
"value": "Gnome-shell en las versiones 3.22 a la 3.24.1, no gestiona correctamente extensiones que fallan en la recarga, lo que puede llevar a dejar extensiones habilitadas en la pantalla de bloqueo. Con estas extensiones, un usuario puede iniciar aplicaciones (pero no interactuar con ellas). Ver informaci\u00f3n de las extensiones (por ejemplo, qu\u00e9 aplicaciones se han abierto o qu\u00e9 m\u00fasica se est\u00e1 reproduciendo) o incluso ejecutar comandos arbitrarios. Todo depende de las extensiones habiliadas por el usuario. El problema se debe a la falta de gesti\u00f3n de excepciones en js/ui/extensionSystem.js."
}
],
"id": "CVE-2017-8288",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-27T00:59:00.350",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98070"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.kali.org/view.php?id=2513"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=781728"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/EasyScreenCast/EasyScreenCast/issues/46"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.kali.org/view.php?id=2513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=781728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/EasyScreenCast/EasyScreenCast/issues/46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-22 06:15
Modified
2024-11-21 08:23
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| patrick@puiterwijk.org | https://access.redhat.com/security/cve/CVE-2023-43090 | Third Party Advisory | |
| patrick@puiterwijk.org | https://bugzilla.redhat.com/show_bug.cgi?id=2239087 | Issue Tracking, Third Party Advisory | |
| patrick@puiterwijk.org | https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| patrick@puiterwijk.org | https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-43090 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2239087 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gnome-shell | * | |
| gnome | gnome-shell | * | |
| gnome | gnome-shell | 42 | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A51F9D-C630-4F19-8DED-9247B3C568B8",
"versionEndExcluding": "43.9",
"versionStartIncluding": "43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA677E16-529C-4D1D-BEF7-F8C63FFD69AF",
"versionEndExcluding": "44.5",
"versionStartIncluding": "44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:42:*:*:*:*:*:*:*",
"matchCriteriaId": "6C024C0D-E889-40F0-8888-DB1A0267A11A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GNOME Shell. GNOME Shell\u0027s lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en GNOME Shell. La pantalla de bloqueo de GNOME Shell permite a un usuario local no autenticado ver ventanas de la sesi\u00f3n de escritorio bloqueada mediante el uso de atajos de teclado para desbloquear la funcionalidad restringida de la herramienta de captura de pantalla."
}
],
"id": "CVE-2023-43090",
"lastModified": "2024-11-21T08:23:42.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "patrick@puiterwijk.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T06:15:09.810",
"references": [
{
"source": "patrick@puiterwijk.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-43090"
},
{
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239087"
},
{
"source": "patrick@puiterwijk.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990"
},
{
"source": "patrick@puiterwijk.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-43090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944"
}
],
"sourceIdentifier": "patrick@puiterwijk.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-18 18:15
Modified
2024-11-21 05:46
Severity ?
Summary
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2006285 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2006285 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gnome-shell | * | |
| centos | stream | 8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "846C7D79-30CC-48F6-9970-5671C658D42A",
"versionEndExcluding": "3.32.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:centos:stream:8:*:*:*:*:*:*:*",
"matchCriteriaId": "CF40AED3-057A-48B0-95D2-8584EA2F13AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the \"Application menu\" or \"Window list\" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo de omisi\u00f3n de la protecci\u00f3n de bloqueo en algunas versiones de gnome-shell tal y como se distribuye en CentOS Stream 8, cuando las extensiones de GNOME \"Application menu\" o \"Window list\" est\u00e1n habilitadas. Este fallo permite a un atacante f\u00edsico que tenga acceso a un sistema bloqueado matar las aplicaciones existentes e iniciar otras nuevas como el usuario bloqueado, incluso si la sesi\u00f3n sigue bloqueada"
}
],
"id": "CVE-2021-20315",
"lastModified": "2024-11-21T05:46:21.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T18:15:08.800",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006285"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-25 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gnome-shell | 3.14.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_hpc_node | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD535807-17D9-4599-AEAE-5CC7FD3FF5A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer."
},
{
"lang": "es",
"value": "GNOME Shell 3.14.x anterior a 3.14.1, cuando se utiliza la caracter\u00edstica Screen Lock, no se limita el consumo de memoria para todas las peticiones activas PrtSc , lo que permite a atacantes cercanos f\u00edsicamente ejecutar comandos arbitrarios en una estaci\u00f3n de trabajo desatendida haciendo numerosas peticiones PrtSc y aprovechando un bloqueo temporal, y la disponibilidad de una shell resultante temporal, causada por Linux kernel OOM killer."
}
],
"id": "CVE-2014-7300",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-25T21:59:02.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/09/29/17"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0535.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=737456"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/09/29/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0535.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=737456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-29 14:38
Modified
2025-04-12 10:46
Severity ?
Summary
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE87665B-BD50-4EC7-852E-C33775D57DA7",
"versionEndIncluding": "3.9.92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82ACC9E5-5CFF-4B0D-9E6C-A08FE8575822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "114459B1-D495-48A9-9AE2-FBCB4286F193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F606D55F-BFB3-4618-AC95-5AD3BD903B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F459BAF6-E5AA-4B37-B9D9-8FB583418956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F58A7204-B850-4789-8970-109A5DAD12F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4ABEC4-FE7F-46A9-A8E9-3EA6ECF3C387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F9656B63-4658-4CC8-B1F1-18B4256A3CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "661C01B1-0ABF-43DD-9593-94E13A4A464A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F924115B-B5A2-41E9-A48C-14D501C740F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.91:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4E1E27-8B5B-409D-A617-81F028BBB720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2788E003-3514-47E4-837F-3D13D0D48420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.92:*:*:*:*:*:*:*",
"matchCriteriaId": "C5741472-28E5-4F45-8029-FB275D82DF73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86BF5692-BE0D-4209-A56E-7ACD49067B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9AE668-71FC-4023-A898-0C2AF6C82856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51DCD82C-64C8-44E7-A352-1F782B17B5E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68DE0BDF-56E9-47FF-9455-0D076F21BBED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6350AB8C-190A-4CCD-BBD1-16E9EE8A6550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42D44580-FFEB-41A3-8CF5-8E7F2C876355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7433A0F4-60D1-4144-80CE-CAC8C7CAA0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6FEE79-012C-46E6-9038-71B0A5C58119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "87526D65-2C71-4F49-9616-BEDFEBA85308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "302C4D31-5FC8-4418-8CD2-8A55853ADCDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF9CB49-8832-4A7D-BC9C-36F813941490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85C39341-601F-434E-96B9-011864C5AE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD78C76-5804-45F7-AB05-06AFA826FC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB3B460-C89E-48C8-81FE-B50FF87AF3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5381CBC-786E-475B-B2C2-73E4B8A86E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "21D11F9C-30EC-41F0-BEC1-F2391BD431C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "AD82EFDE-9845-429F-8525-D26332445D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "63F6D77A-ED01-4E1B-BAE5-E9CA21B697EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.5.92:*:*:*:*:*:*:*",
"matchCriteriaId": "395C11EB-B102-406B-90C7-B644C42EB100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF5BBD5-0818-4211-B6A8-9796D299435B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1273739-1D54-4E09-8C11-E6A15D7F5DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "486233D1-DEF4-4A48-8F3E-6AD049754258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0D5581-3930-4EC1-87FB-D4FF77200476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C216CB4-EC05-49C3-8FC9-3E3CC5B76130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BEE3CC-9F94-452E-B564-F291CC5F50CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2F084D-CAC4-4CC2-8B01-A2CA8D5C249E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "435020D6-9881-4F54-AB67-ABA146219C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DC4858-6A22-4086-BD8F-D78C69A9B9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27968FC8-9122-4FFE-ABFE-A453507DA335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0A719995-DE52-4A91-A4FC-DADFFE5B1DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "947957CD-1381-41BD-B156-DFEEC6D5B86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "66C15C16-975D-494B-A4C8-F732A87E6081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.91:*:*:*:*:*:*:*",
"matchCriteriaId": "794CB61C-B23D-44CB-9845-F9A372793E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.92:*:*:*:*:*:*:*",
"matchCriteriaId": "E8162075-30F7-461A-993B-7DEC08C3C72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A62FB546-C16E-45F1-8D1C-1178E20E46B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E50C3387-4A78-4E82-848B-F27085846F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0916E4-641F-45C7-98CE-C7927AAB15A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B95357F-9DA7-4D12-92C2-0AB96CB40B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "867E7520-B75C-4B0F-9850-21CF47BD6023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3725C85F-EE88-4918-9ECF-5CF9AE3CFCEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B90A9B62-F9D1-4784-A141-E8255E239810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9DEC960F-FAB5-4F82-9985-E7A921970F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA69A4F4-8624-4305-BA89-D5950B0BFD7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA8284C-B916-403C-B953-2F77B771A06D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BADEE65E-8766-41B0-A6E1-94FE62D11FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.9.90:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C1915B-61BA-4DF9-BB15-A42632C7F5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.9.91:*:*:*:*:*:*:*",
"matchCriteriaId": "DE79F30A-9534-4A4B-827F-6C6A1E65C6BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the \"Enter a Command\" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation."
},
{
"lang": "es",
"value": "La funcionalidad de bloqueo de pantalla autom\u00e1tico en GNOME Shell (tambi\u00e9n conocido como gnome-shell) anterior a 3.10 no previene acceso al dialogo \"Enter a Command\", lo que permite a atacantes f\u00edsicamente pr\u00f3ximos ejecutar comandos arbitrarios aprovechandose de una estaci\u00f3n de trabajo desatendida."
}
],
"id": "CVE-2013-7221",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-29T14:38:47.170",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/8"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=708313"
},
{
"source": "cve@mitre.org",
"url": "https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=708313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-29 14:38
Modified
2025-04-12 10:46
Severity ?
Summary
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C74C9F-D2CC-4636-87DD-630FD2F74DDE",
"versionEndIncluding": "3.7.92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82ACC9E5-5CFF-4B0D-9E6C-A08FE8575822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "114459B1-D495-48A9-9AE2-FBCB4286F193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F606D55F-BFB3-4618-AC95-5AD3BD903B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F459BAF6-E5AA-4B37-B9D9-8FB583418956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F58A7204-B850-4789-8970-109A5DAD12F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4ABEC4-FE7F-46A9-A8E9-3EA6ECF3C387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F9656B63-4658-4CC8-B1F1-18B4256A3CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "661C01B1-0ABF-43DD-9593-94E13A4A464A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F924115B-B5A2-41E9-A48C-14D501C740F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.91:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4E1E27-8B5B-409D-A617-81F028BBB720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2788E003-3514-47E4-837F-3D13D0D48420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.1.92:*:*:*:*:*:*:*",
"matchCriteriaId": "C5741472-28E5-4F45-8029-FB275D82DF73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86BF5692-BE0D-4209-A56E-7ACD49067B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9AE668-71FC-4023-A898-0C2AF6C82856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51DCD82C-64C8-44E7-A352-1F782B17B5E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68DE0BDF-56E9-47FF-9455-0D076F21BBED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6350AB8C-190A-4CCD-BBD1-16E9EE8A6550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42D44580-FFEB-41A3-8CF5-8E7F2C876355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7433A0F4-60D1-4144-80CE-CAC8C7CAA0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6FEE79-012C-46E6-9038-71B0A5C58119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "87526D65-2C71-4F49-9616-BEDFEBA85308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "302C4D31-5FC8-4418-8CD2-8A55853ADCDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF9CB49-8832-4A7D-BC9C-36F813941490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85C39341-601F-434E-96B9-011864C5AE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD78C76-5804-45F7-AB05-06AFA826FC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB3B460-C89E-48C8-81FE-B50FF87AF3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5381CBC-786E-475B-B2C2-73E4B8A86E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "21D11F9C-30EC-41F0-BEC1-F2391BD431C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "AD82EFDE-9845-429F-8525-D26332445D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "63F6D77A-ED01-4E1B-BAE5-E9CA21B697EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.5.92:*:*:*:*:*:*:*",
"matchCriteriaId": "395C11EB-B102-406B-90C7-B644C42EB100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF5BBD5-0818-4211-B6A8-9796D299435B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1273739-1D54-4E09-8C11-E6A15D7F5DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "486233D1-DEF4-4A48-8F3E-6AD049754258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0D5581-3930-4EC1-87FB-D4FF77200476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C216CB4-EC05-49C3-8FC9-3E3CC5B76130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BEE3CC-9F94-452E-B564-F291CC5F50CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2F084D-CAC4-4CC2-8B01-A2CA8D5C249E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "435020D6-9881-4F54-AB67-ABA146219C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DC4858-6A22-4086-BD8F-D78C69A9B9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27968FC8-9122-4FFE-ABFE-A453507DA335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0A719995-DE52-4A91-A4FC-DADFFE5B1DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "947957CD-1381-41BD-B156-DFEEC6D5B86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "66C15C16-975D-494B-A4C8-F732A87E6081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gnome-shell:3.7.91:*:*:*:*:*:*:*",
"matchCriteriaId": "794CB61C-B23D-44CB-9845-F9A372793E5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search."
},
{
"lang": "es",
"value": "js/ui/screenShield.js en GNOME Shell (tambi\u00e9n conocido como gnome-shell) anterior a 3.8 permite a atacantes f\u00edsicamente pr\u00f3ximos ejecutar comandos arbitrarios mediante el aprovechamiento de una estaci\u00f3n de trabajo desatendida con el foco de teclado en el campo de b\u00fasqueda de Activities."
}
],
"evaluatorComment": "Per: https://cwe.mitre.org/data/definitions/77.html\n\n\"CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"",
"id": "CVE-2013-7220",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-29T14:38:46.967",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/8"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=686740"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030431"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=686740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}