CVE-2013-7221

The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
gnomegnome-shell
𝑥
≤ 3.9.92
gnomegnome-shell
3.0.0
gnomegnome-shell
3.0.0.1
gnomegnome-shell
3.0.0.2
gnomegnome-shell
3.0.1
gnomegnome-shell
3.0.2
gnomegnome-shell
3.1.3
gnomegnome-shell
3.1.4
gnomegnome-shell
3.1.90
gnomegnome-shell
3.1.90.1
gnomegnome-shell
3.1.91
gnomegnome-shell
3.1.91.1
gnomegnome-shell
3.1.92
gnomegnome-shell
3.2.0
gnomegnome-shell
3.2.1
gnomegnome-shell
3.2.2
gnomegnome-shell
3.2.2.1
gnomegnome-shell
3.3.2
gnomegnome-shell
3.3.3
gnomegnome-shell
3.3.5
gnomegnome-shell
3.3.90
gnomegnome-shell
3.3.91
gnomegnome-shell
3.3.92
gnomegnome-shell
3.4.0
gnomegnome-shell
3.4.1
gnomegnome-shell
3.4.2
gnomegnome-shell
3.5.2
gnomegnome-shell
3.5.3
gnomegnome-shell
3.5.4
gnomegnome-shell
3.5.90
gnomegnome-shell
3.5.91
gnomegnome-shell
3.5.92
gnomegnome-shell
3.6.0
gnomegnome-shell
3.6.1
gnomegnome-shell
3.6.2
gnomegnome-shell
3.6.3
gnomegnome-shell
3.6.3.1
gnomegnome-shell
3.7.1
gnomegnome-shell
3.7.2
gnomegnome-shell
3.7.2.1
gnomegnome-shell
3.7.3
gnomegnome-shell
3.7.3.1
gnomegnome-shell
3.7.4
gnomegnome-shell
3.7.4.1
gnomegnome-shell
3.7.5
gnomegnome-shell
3.7.91
gnomegnome-shell
3.7.92
gnomegnome-shell
3.8.0
gnomegnome-shell
3.8.0.1
gnomegnome-shell
3.8.1
gnomegnome-shell
3.8.2
gnomegnome-shell
3.8.3
gnomegnome-shell
3.8.4
gnomegnome-shell
3.9.1
gnomegnome-shell
3.9.2
gnomegnome-shell
3.9.3
gnomegnome-shell
3.9.4
gnomegnome-shell
3.9.5
gnomegnome-shell
3.9.90
gnomegnome-shell
3.9.91
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnome-shell
bullseye (security)
3.38.6-1~deb11u2
fixed
bullseye
3.38.6-1~deb11u2
fixed
wheezy
not-affected
bookworm
43.9-0+deb12u2
fixed
bookworm (security)
43.9-0+deb12u2
fixed
sid
47.0-3
fixed
trixie
47.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-shell
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2013/12/27/4
http://www.openwall.com/lists/oss-security/2013/12/27/8
https://bugzilla.gnome.org/show_bug.cgi?id=708313
https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088
http://www.openwall.com/lists/oss-security/2013/12/27/4
http://www.openwall.com/lists/oss-security/2013/12/27/8
https://bugzilla.gnome.org/show_bug.cgi?id=708313
https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088