Remote Code Execution Vulnerability in GNOME Shell
CVE-2024-36472

Currently unrated

Key Information:

Vendor: GNOME
Vendor: CVE Published:; 28 May 2024

Summary

A vulnerability in GNOME Shell prior to version 45.7 allows a portal helper to be launched automatically without user confirmation in response to manipulated network conditions. This may occur under the influence of an adversary controlling the local Wi-Fi network. Once triggered, it can execute untrusted JavaScript code, leading to potential resource consumption or other impacts depending on the nature of the executed code. Awareness of such vulnerabilities underscores the importance of secure network practices and vigilant monitoring to safeguard user environments.

References

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688

Timeline

Vulnerability published
May 28, 2024