CVE-2020-17489

4.3MEDIUM

Key Information:

Vendor
Gnome
Status
Gnome-shell
Vendor
CVE Published:
11 August 2020

Summary

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)

References

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
x_refsource_MISC
https://usn.ubuntu.com/4464-1/
vendor-advisoryx_refsource_UBUNTU
https://security.gentoo.org/glsa/202009-08
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.