CVE-2014-1949

CWE-284 — Improper Access Control7 documents6 sources

Severity

7.2HIGH

EPSS

0.0%

top 88.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome GTK Canonical Ubuntu Linuxmint Linux Mint

Timeline

PublishedJan 16

Latest updateMay 17

Description

GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages5 packages

▶Debiangtk+3.0< 3.11.8-1+3

▶Debiancinnamon< 2.2.14-1+3

▶NVDgnome/gtk3.10.9

▶NVDcanonical/ubuntu14.04

▶NVDlinuxmint/linux_mint17.0

🔴Vulnerability Details

GHSA

GHSA-38gw-6g45-69p7: GTK+ 3↗2022-05-17

▶

CVEList

CVE-2014-1949: GTK+ 3↗2015-01-16

▶

OSV

CVE-2014-1949: GTK+ 3↗2015-01-16

▶

📋Vendor Advisories

Debian

CVE-2014-1949: cinnamon - GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and...↗2014

▶

💬Community

Bugzilla

CVE-2014-1949 cinnamon: bypass screensaver lock via the keyboard's Menu key↗2014-02-13

▶

Bugzilla

CVE-2014-1949 cinnamon: bypass screensaver lock via the keyboard's Menu key [fedora-all]↗2014-02-13

▶