CVE-2012-4427 — Code Injection in Gnome-shell

CWE-94 — Code Injection9 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

1.0%

top 22.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gnome-shell

Timeline

PublishedOct 1

Latest updateMay 17

Description

The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debiangnome/gnome-shell< 3.34.0-2+3

▶NVDgnome/gnome-shell3.4.1

🔴Vulnerability Details

GHSA

GHSA-gxj3-vwm6-2f7w: The gnome-shell plugin 3↗2022-05-17

▶

OSV

CVE-2012-4427: The gnome-shell plugin 3↗2012-10-01

▶

CVEList

CVE-2012-4427: The gnome-shell plugin 3↗2012-10-01

▶

📋Vendor Advisories

Debian

CVE-2012-4427: gnome-shell - The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the downl...↗2012

▶

🕵️Threat Intelligence

Tenable

Nessus 5.0.2 Available↗2012-10-10

▶

💬Community

Bugzilla

CVE-2012-4427 gnome shell: browser integration plugin installs extensions without authorization↗2012-09-17

▶

Bugzilla

CVE-2012-4427 gnome shell: browser integration plugin installs extensions without authorization [fedora-all]↗2012-09-17

▶