Arbitrary Command Execution Vulnerability in GNOME Shell by Red Hat
CVE-2013-7220

Currently unrated

Key Information:

Vendor: Gnome
Status: Gnome-shell
Vendor: CVE Published:; 29 April 2014

What is CVE-2013-7220?

An issue in GNOME Shell allows local attackers to execute arbitrary commands through the Activities search feature on an unattended workstation. This vulnerability exploits scenarios where the keyboard focus is incorrectly maintained, hence enabling unauthorized access to system commands without user interaction. Users are advised to ensure that their workstations are secured when unattended to prevent potential exploitation.

References

https://github.com/o2platform/DefCon_RESTing/tree/master/...

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1030431

x_refsource_CONFIRM

https://bugzilla.gnome.org/show_bug.cgi?id=686740

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2014
Vulnerability Reserved
Dec 27, 2013

Gnome

What is CVE-2013-7220?

References

Timeline