CVE-2023-43090 — Missing Authorization in Gnome-shell

CWE-862 — Missing Authorization7 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 74.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gnome-shell Fedoraproject Fedora

Timeline

PublishedSep 22

Description

A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDgnome/gnome-shell43 — 43.9+2

▶Debiangnome/gnome-shell< 43.6-1~deb12u2+2

Also affects: Fedora 37, 38

Patches

Patch: gitlab.gnome.org ↗Patch: gitlab.gnome.org ↗Patch: gitlab.gnome.org ↗

🔴Vulnerability Details

OSV

CVE-2023-43090: A vulnerability was found in GNOME Shell↗2023-09-22

▶

GHSA

GHSA-6wp3-hhxh-4vfp: A vulnerability was found in GNOME Shell↗2023-09-22

▶

CVEList

Gnome-shell: screenshot tool allows viewing open windows when session is locked↗2023-09-22

▶

📋Vendor Advisories

Ubuntu

GNOME Shell vulnerability↗2023-09-21

▶

Red Hat

gnome-shell: Screenshot tool allows viewing open windows when session is locked↗2023-09-15

▶

Debian

CVE-2023-43090: gnome-shell - A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an un...↗2023

▶