CVE-2019-3820
06.02.2019, 20:29
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.Enginsight
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-shell | 3.15.91 ≤ 𝑥 < 3.30.3 |
| gnome | gnome-shell | 3.31.0 ≤ 𝑥 < 3.31.5 |
| opensuse | leap | 15.0 |
| opensuse | leap | 15.1 |
| opensuse | leap | 42.3 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gnome-shell |
|
Common Weakness Enumeration
- CWE-285 - Improper AuthorizationThe software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
References