Security Flaw in GNOME Shell Extensions by GNOME
CVE-2017-8288

8.1HIGH

Key Information:

Vendor
Gnome
Status
Gnome-shell
Vendor
CVE Published:
27 April 2017

Summary

The GNOME Shell vulnerabilities arise from improper handling of extensions that fail to reload, which may leave them active in the lock screen. This could allow unauthorized observers to run applications without interaction, reveal information like active applications or music playlists, and potentially execute arbitrary commands depending on the extensions a user has enabled. The flaw is linked to insufficient exception handling in the JavaScript component responsible for managing extensions.

References

https://github.com/EasyScreenCast/EasyScreenCast/issues/46
x_refsource_CONFIRM
https://bugzilla.gnome.org/show_bug.cgi?id=781728
x_refsource_CONFIRM
http://www.securityfocus.com/bid/98070
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-8288 : Security Flaw in GNOME Shell Extensions by GNOME | SecurityVulnerability.io