This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Gnome First view 2017-04-26
Product Gnome-Shell Last view 2023-09-22
Version 3.23.91 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:gnome:gnome-shell

Activity : Overall

Related : CVE

  Date Alert Description
5.5 2023-09-22 CVE-2023-43090

A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.

6.1 2022-02-18 CVE-2021-20315

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.

4.3 2020-08-11 CVE-2020-17489

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)

4.3 2019-02-06 CVE-2019-3820

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.

8.1 2017-04-26 CVE-2017-8288

gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.

CWE : Common Weakness Enumeration

%idName
25% (1) CWE-667 Insufficient Locking
25% (1) CWE-522 Insufficiently Protected Credentials
25% (1) CWE-287 Improper Authentication
25% (1) CWE-20 Improper Input Validation

Nessus® Vulnerability Scanner

id Description
2017-08-29 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-974.nasl - Type: ACT_GATHER_INFO
2017-08-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2217-1.nasl - Type: ACT_GATHER_INFO