CVE-2019-3820

4.8MEDIUM

Key Information:

Vendor: The Gnome Project
Status: Gnome-shell
Vendor: CVE Published:; 6 February 2019

Summary

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.

Affected Version(s)

gnome-shell since 3.15.91

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820

x_refsource_CONFIRM

https://gitlab.gnome.org/GNOME/gnome-shell/issues/851

x_refsource_MISC

https://usn.ubuntu.com/3966-1/

vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 6, 2019
Vulnerability Reserved
Jan 3, 2019

.