CVE-2023-43090
Published: 18 September 2023
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
Notes
| Author | Note |
|---|---|
| mdeslaur | While the upstream bug says gnome-shell 42 is affected, I could not reproduce the issue on jammy |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gnome-shell Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Not vulnerable
(code not present)
|
|
| jammy |
Not vulnerable
|
|
| lunar |
Released
(44.3-0ubuntu1.1)
|
|
| mantic |
Released
(45.0-1ubuntu1)
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Released
(44.5-1)
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
Patches: upstream: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |