CVE-2013-7220 — Gnome-shell vulnerability

7 documents7 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 73.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gnome-shell

Timeline

PublishedApr 29

Latest updateMay 17

Description

js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶Debiangnome/gnome-shell< 3.8.4-1+3

▶NVDgnome/gnome-shell3.7.92+45

🔴Vulnerability Details

GHSA

GHSA-9965-5x5j-j3rf: js/ui/screenShield↗2022-05-17

▶

CVEList

CVE-2013-7220: js/ui/screenShield↗2014-04-29

▶

OSV

CVE-2013-7220: js/ui/screenShield↗2014-04-29

▶

📋Vendor Advisories

Red Hat

gnome-shell: blind command execution via activities search keyboard focus↗2013-11-14

▶

Debian

CVE-2013-7220: gnome-shell - js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physica...↗2013

▶

💬Community

Bugzilla

CVE-2013-7220 gnome-shell: blind command execution via activities search keyboard focus↗2013-11-14

▶