Gnome-Shell Lock Screen Vulnerability in GNOME Software
CVE-2019-3820

4.8MEDIUM

Key Information:

Vendor
The Gnome Project
Status
Gnome-shell
Vendor
CVE Published:
6 February 2019

Summary

A vulnerability exists in the Gnome-Shell lock screen that fails to adequately limit contextual actions for users with physical access to a locked workstation. As a result, an attacker could exploit certain keyboard shortcuts, and potentially other functionalities, to gain unauthorized access or perform unintended operations within the system, compromising the security intended by the lock screen.

Affected Version(s)

gnome-shell since 3.15.91

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820
x_refsource_CONFIRM
https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
x_refsource_MISC
https://usn.ubuntu.com/3966-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-3820 : Gnome-Shell Lock Screen Vulnerability in GNOME Software | SecurityVulnerability.io