CVE-2013-7220

EUVD-2013-7003
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
gnomegnome-shell
𝑥
≤ 3.7.92
gnomegnome-shell
3.0.0
gnomegnome-shell
3.0.0.1
gnomegnome-shell
3.0.0.2
gnomegnome-shell
3.0.1
gnomegnome-shell
3.0.2
gnomegnome-shell
3.1.3
gnomegnome-shell
3.1.4
gnomegnome-shell
3.1.90
gnomegnome-shell
3.1.90.1
gnomegnome-shell
3.1.91
gnomegnome-shell
3.1.91.1
gnomegnome-shell
3.1.92
gnomegnome-shell
3.2.0
gnomegnome-shell
3.2.1
gnomegnome-shell
3.2.2
gnomegnome-shell
3.2.2.1
gnomegnome-shell
3.3.2
gnomegnome-shell
3.3.3
gnomegnome-shell
3.3.5
gnomegnome-shell
3.3.90
gnomegnome-shell
3.3.91
gnomegnome-shell
3.3.92
gnomegnome-shell
3.4.0
gnomegnome-shell
3.4.1
gnomegnome-shell
3.4.2
gnomegnome-shell
3.5.2
gnomegnome-shell
3.5.3
gnomegnome-shell
3.5.4
gnomegnome-shell
3.5.90
gnomegnome-shell
3.5.91
gnomegnome-shell
3.5.92
gnomegnome-shell
3.6.0
gnomegnome-shell
3.6.1
gnomegnome-shell
3.6.2
gnomegnome-shell
3.6.3
gnomegnome-shell
3.6.3.1
gnomegnome-shell
3.7.1
gnomegnome-shell
3.7.2
gnomegnome-shell
3.7.2.1
gnomegnome-shell
3.7.3
gnomegnome-shell
3.7.3.1
gnomegnome-shell
3.7.4
gnomegnome-shell
3.7.4.1
gnomegnome-shell
3.7.5
gnomegnome-shell
3.7.91
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnome-shell
bookworm
43.9-0+deb12u2
fixed
bookworm (security)
43.9-0+deb12u2
fixed
bullseye
3.38.6-1~deb11u2
fixed
bullseye (security)
3.38.6-1~deb11u2
fixed
sid
47.0-3
fixed
trixie
47.0-3
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-shell
lucid
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
not-affected
zesty
not-affected
References
http://www.openwall.com/lists/oss-security/2013/12/27/4
http://www.openwall.com/lists/oss-security/2013/12/27/6
http://www.openwall.com/lists/oss-security/2013/12/27/8
https://bugzilla.gnome.org/show_bug.cgi?id=686740
https://bugzilla.redhat.com/show_bug.cgi?id=1030431
https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j
http://www.openwall.com/lists/oss-security/2013/12/27/4
http://www.openwall.com/lists/oss-security/2013/12/27/6
http://www.openwall.com/lists/oss-security/2013/12/27/8
https://bugzilla.gnome.org/show_bug.cgi?id=686740
https://bugzilla.redhat.com/show_bug.cgi?id=1030431
https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j