CVE-2013-7220

js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
gnomegnome-shell
𝑥
≤ 3.7.92
gnomegnome-shell
3.0.0
gnomegnome-shell
3.0.0.1
gnomegnome-shell
3.0.0.2
gnomegnome-shell
3.0.1
gnomegnome-shell
3.0.2
gnomegnome-shell
3.1.3
gnomegnome-shell
3.1.4
gnomegnome-shell
3.1.90
gnomegnome-shell
3.1.90.1
gnomegnome-shell
3.1.91
gnomegnome-shell
3.1.91.1
gnomegnome-shell
3.1.92
gnomegnome-shell
3.2.0
gnomegnome-shell
3.2.1
gnomegnome-shell
3.2.2
gnomegnome-shell
3.2.2.1
gnomegnome-shell
3.3.2
gnomegnome-shell
3.3.3
gnomegnome-shell
3.3.5
gnomegnome-shell
3.3.90
gnomegnome-shell
3.3.91
gnomegnome-shell
3.3.92
gnomegnome-shell
3.4.0
gnomegnome-shell
3.4.1
gnomegnome-shell
3.4.2
gnomegnome-shell
3.5.2
gnomegnome-shell
3.5.3
gnomegnome-shell
3.5.4
gnomegnome-shell
3.5.90
gnomegnome-shell
3.5.91
gnomegnome-shell
3.5.92
gnomegnome-shell
3.6.0
gnomegnome-shell
3.6.1
gnomegnome-shell
3.6.2
gnomegnome-shell
3.6.3
gnomegnome-shell
3.6.3.1
gnomegnome-shell
3.7.1
gnomegnome-shell
3.7.2
gnomegnome-shell
3.7.2.1
gnomegnome-shell
3.7.3
gnomegnome-shell
3.7.3.1
gnomegnome-shell
3.7.4
gnomegnome-shell
3.7.4.1
gnomegnome-shell
3.7.5
gnomegnome-shell
3.7.91
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnome-shell
bullseye (security)
3.38.6-1~deb11u2
fixed
bullseye
3.38.6-1~deb11u2
fixed
wheezy
not-affected
bookworm
43.9-0+deb12u2
fixed
bookworm (security)
43.9-0+deb12u2
fixed
sid
47.0-3
fixed
trixie
47.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-shell
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
ignored
References
http://www.openwall.com/lists/oss-security/2013/12/27/4
http://www.openwall.com/lists/oss-security/2013/12/27/6
http://www.openwall.com/lists/oss-security/2013/12/27/8
https://bugzilla.gnome.org/show_bug.cgi?id=686740
https://bugzilla.redhat.com/show_bug.cgi?id=1030431
https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j
http://www.openwall.com/lists/oss-security/2013/12/27/4
http://www.openwall.com/lists/oss-security/2013/12/27/6
http://www.openwall.com/lists/oss-security/2013/12/27/8
https://bugzilla.gnome.org/show_bug.cgi?id=686740
https://bugzilla.redhat.com/show_bug.cgi?id=1030431
https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j