CVE-2019-3820Improper Authorization in Gnome-shell

CWE-285Improper AuthorizationCWE-287Improper Authentication11 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 86.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Gnome Gnome-shellTHE Gnome Project Gnome-shellCanonical Ubuntu Linux+1 more
Timeline
PublishedFeb 6
Latest updateOct 3

Description

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 0.9 | Impact: 3.4

Affected Packages4 packages

NVDgnome/gnome-shell3.15.913.30.3+1
Debiangnome/gnome-shell< 3.30.2-3+3
CVEListV5the_gnome_project/gnome-shellsince 3.15.91
NVDopensuse/leap15.0, 15.1, 42.3+2

Also affects: Ubuntu Linux 18.04, 18.10

Patches

Patch: gitlab.gnome.orgPatch: gitlab.gnome.org

🔴Vulnerability Details

4
OSV
gnome-shell vulnerabilities2024-10-03
GHSA
GHSA-jh4v-7q79-jf56: It was discovered that the gnome-shell lock screen since version 32022-05-13
CVEList
CVE-2019-3820: It was discovered that the gnome-shell lock screen since version 32019-02-06
OSV
CVE-2019-3820: It was discovered that the gnome-shell lock screen since version 32019-02-06

📋Vendor Advisories

4
Ubuntu
GNOME Shell vulnerabilities2024-10-03
Ubuntu
GNOME Shell vulnerability2019-05-06
Red Hat
gnome-shell: partial lock screen bypass2019-02-05
Debian
CVE-2019-3820: gnome-shell - It was discovered that the gnome-shell lock screen since version 3.15.91 did not...2019

💬Community

2
Bugzilla
CVE-2019-3820 gnome-shell: partial lock screen bypass [fedora-all]2019-02-06
Bugzilla
CVE-2019-3820 gnome-shell: partial lock screen bypass2019-01-25
CVE-2019-3820 — Improper Authorization in Gnome-shell | cvebase