CVE-2019-3820

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
gnomegnome-shell
3.15.91 ≤
𝑥
< 3.30.3
gnomegnome-shell
3.31.0 ≤
𝑥
< 3.31.5
opensuseleap
15.0
opensuseleap
15.1
opensuseleap
42.3
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnome-shell
bookworm
43.9-0+deb12u2
fixed
bookworm (security)
43.9-0+deb12u2
fixed
bullseye
3.38.6-1~deb11u2
fixed
bullseye (security)
3.38.6-1~deb11u2
fixed
jessie
not-affected
sid
47.0-3
fixed
stretch
no-dsa
trixie
47.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-shell
bionic
Fixed 3.28.3+git20190124-0ubuntu18.04.2
released
cosmic
Fixed 3.30.2-0ubuntu1.18.10.2
released
disco
Fixed 3.30.2-3
released
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
needed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gnome-extensions
suse enterprise desktop 15 SP4
41.4-150400.1.7
fixed
suse enterprise desktop 15 SP5
41.9-150400.3.8.1
fixed
suse enterprise desktop 15 SP6
45.3-150600.3.2
fixed
suse enterprise desktop 15 SP7
45.3-150700.9.3
fixed
suse enterprise sap 15 SP4
41.4-150400.1.7
fixed
suse enterprise sap 15 SP5
41.9-150400.3.8.1
fixed
suse enterprise sap 15 SP6
45.3-150600.3.2
fixed
suse enterprise sap 15 SP7
45.3-150700.9.3
fixed
suse enterprise server 15 SP4
41.4-150400.1.7
fixed
suse enterprise server 15 SP5
41.9-150400.3.8.1
fixed
suse enterprise server 15 SP6
45.3-150600.3.2
fixed
suse enterprise server 15 SP7
45.3-150700.9.3
fixed
gnome-shell
suse enterprise desktop 15 SP3
3.34.5-8.1
fixed
suse enterprise desktop 15 SP4
41.4-150400.1.7
fixed
suse enterprise desktop 15 SP5
41.9-150400.3.8.1
fixed
suse enterprise desktop 15 SP6
45.3-150600.3.2
fixed
suse enterprise desktop 15 SP7
45.3-150700.9.3
fixed
suse enterprise sap 12 SP3
3.20.4-77.23.1
fixed
suse enterprise sap 12 SP4
3.20.4-77.23.1
fixed
suse enterprise sap 12 SP5
3.20.4-77.23.1
fixed
suse enterprise sap 15 SP3
3.34.5-8.1
fixed
suse enterprise sap 15 SP4
41.4-150400.1.7
fixed
suse enterprise sap 15 SP5
41.9-150400.3.8.1
fixed
suse enterprise sap 15 SP6
45.3-150600.3.2
fixed
suse enterprise sap 15 SP7
45.3-150700.9.3
fixed
suse enterprise server 12 SP3
3.20.4-77.23.1
fixed
suse enterprise server 12 SP4
3.20.4-77.23.1
fixed
suse enterprise server 12 SP5
3.20.4-77.23.1
fixed
suse enterprise server 15 SP3
3.34.5-8.1
fixed
suse enterprise server 15 SP4
41.4-150400.1.7
fixed
suse enterprise server 15 SP5
41.9-150400.3.8.1
fixed
suse enterprise server 15 SP6
45.3-150600.3.2
fixed
suse enterprise server 15 SP7
45.3-150700.9.3
fixed
gnome-shell-browser-plugin
suse enterprise sap 12 SP3
3.20.4-77.23.1
fixed
suse enterprise sap 12 SP4
3.20.4-77.23.1
fixed
suse enterprise sap 12 SP5
3.20.4-77.23.1
fixed
suse enterprise server 12 SP3
3.20.4-77.23.1
fixed
suse enterprise server 12 SP4
3.20.4-77.23.1
fixed
suse enterprise server 12 SP5
3.20.4-77.23.1
fixed
gnome-shell-devel
suse enterprise desktop 15 SP3
3.34.5-8.1
fixed
suse enterprise desktop 15 SP4
41.4-150400.1.7
fixed
suse enterprise desktop 15 SP5
41.9-150400.3.8.1
fixed
suse enterprise desktop 15 SP6
45.3-150600.3.2
fixed
suse enterprise desktop 15 SP7
45.3-150700.9.3
fixed
suse enterprise sap 15 SP3
3.34.5-8.1
fixed
suse enterprise sap 15 SP4
41.4-150400.1.7
fixed
suse enterprise sap 15 SP5
41.9-150400.3.8.1
fixed
suse enterprise sap 15 SP6
45.3-150600.3.2
fixed
suse enterprise sap 15 SP7
45.3-150700.9.3
fixed
suse enterprise server 15 SP3
3.34.5-8.1
fixed
suse enterprise server 15 SP4
41.4-150400.1.7
fixed
suse enterprise server 15 SP5
41.9-150400.3.8.1
fixed
suse enterprise server 15 SP6
45.3-150600.3.2
fixed
suse enterprise server 15 SP7
45.3-150700.9.3
fixed
gnome-shell-lang
suse enterprise desktop 15 SP3
3.34.5-8.1
fixed
suse enterprise desktop 15 SP4
41.4-150400.1.7
fixed
suse enterprise desktop 15 SP5
41.9-150400.3.8.1
fixed
suse enterprise desktop 15 SP6
45.3-150600.3.2
fixed
suse enterprise desktop 15 SP7
45.3-150700.9.3
fixed
suse enterprise sap 12 SP3
3.20.4-77.23.1
fixed
suse enterprise sap 12 SP4
3.20.4-77.23.1
fixed
suse enterprise sap 12 SP5
3.20.4-77.23.1
fixed
suse enterprise sap 15 SP3
3.34.5-8.1
fixed
suse enterprise sap 15 SP4
41.4-150400.1.7
fixed
suse enterprise sap 15 SP5
41.9-150400.3.8.1
fixed
suse enterprise sap 15 SP6
45.3-150600.3.2
fixed
suse enterprise sap 15 SP7
45.3-150700.9.3
fixed
suse enterprise server 12 SP3
3.20.4-77.23.1
fixed
suse enterprise server 12 SP4
3.20.4-77.23.1
fixed
suse enterprise server 12 SP5
3.20.4-77.23.1
fixed
suse enterprise server 15 SP3
3.34.5-8.1
fixed
suse enterprise server 15 SP4
41.4-150400.1.7
fixed
suse enterprise server 15 SP5
41.9-150400.3.8.1
fixed
suse enterprise server 15 SP6
45.3-150600.3.2
fixed
suse enterprise server 15 SP7
45.3-150700.9.3
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
LibRaw
RHEL 7
0:0.19.4-1.el7
fixed
LibRaw-devel
RHEL 7
0:0.19.4-1.el7
fixed
LibRaw-static
RHEL 7
0:0.19.4-1.el7
fixed
SDL
RHEL 8
0:1.2.15-35.el8
fixed
SDL-devel
RHEL 8
0:1.2.15-35.el8
fixed
accountsservice
RHEL 7
0:0.6.50-7.el7
fixed
RHEL 8
0:0.6.50-7.el8
fixed
accountsservice-devel
RHEL 7
0:0.6.50-7.el7
fixed
RHEL 8
0:0.6.50-7.el8
fixed
accountsservice-libs
RHEL 7
0:0.6.50-7.el7
fixed
RHEL 8
0:0.6.50-7.el8
fixed
appstream-data
RHEL 8
0:8-20190805.el8
fixed
baobab
RHEL 8
0:3.28.0-2.el8
fixed
chrome-gnome-shell
RHEL 8
0:10.1-6.el8
fixed
colord
RHEL 7
0:1.3.4-2.el7
fixed
colord-devel
RHEL 7
0:1.3.4-2.el7
fixed
colord-devel-docs
RHEL 7
0:1.3.4-2.el7
fixed
colord-extra-profiles
RHEL 7
0:1.3.4-2.el7
fixed
colord-libs
RHEL 7
0:1.3.4-2.el7
fixed
control-center
RHEL 7
1:3.28.1-6.el7
fixed
control-center-filesystem
RHEL 7
1:3.28.1-6.el7
fixed
evince
RHEL 8
0:3.28.4-3.el8
fixed
evince-browser-plugin
RHEL 8
0:3.28.4-3.el8
fixed
evince-libs
RHEL 8
0:3.28.4-3.el8
fixed
evince-nautilus
RHEL 8
0:3.28.4-3.el8
fixed
file-roller
RHEL 8
0:3.28.1-2.el8
fixed
gdk-pixbuf2
RHEL 8
0:2.36.12-5.el8
fixed
gdk-pixbuf2-devel
RHEL 8
0:2.36.12-5.el8
fixed
gdk-pixbuf2-modules
RHEL 8
0:2.36.12-5.el8
fixed
gdk-pixbuf2-xlib
RHEL 8
0:2.36.12-5.el8
fixed
gdk-pixbuf2-xlib-devel
RHEL 8
0:2.36.12-5.el8
fixed
gdm
RHEL 7
1:3.28.2-22.el7
fixed
RHEL 8
1:3.28.3-22.el8
fixed
gdm-devel
RHEL 7
1:3.28.2-22.el7
fixed
gdm-pam-extensions-devel
RHEL 7
1:3.28.2-22.el7
fixed
gjs
RHEL 8
0:1.56.2-3.el8
fixed
gjs-devel
RHEL 8
0:1.56.2-3.el8
fixed
gnome-classic-session
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-control-center
RHEL 8
0:3.28.2-5.el8
fixed
gnome-control-center-filesystem
RHEL 8
0:3.28.2-5.el8
fixed
gnome-desktop3
RHEL 8
0:3.32.2-1.el8
fixed
gnome-desktop3-devel
RHEL 8
0:3.32.2-1.el8
fixed
gnome-online-accounts
RHEL 7
0:3.28.2-1.el7
fixed
gnome-online-accounts-devel
RHEL 7
0:3.28.2-1.el7
fixed
gnome-remote-desktop
RHEL 8
0:0.1.6-5.el8
fixed
gnome-settings-daemon
RHEL 7
0:3.28.1-8.el7
fixed
RHEL 8
0:3.32.0-4.el8
fixed
gnome-settings-daemon-devel
RHEL 7
0:3.28.1-8.el7
fixed
gnome-shell
RHEL 7
0:3.28.3-24.el7
fixed
RHEL 8
0:3.32.2-9.el8
fixed
gnome-shell-extension-alternate-tab
RHEL 7
0:3.28.1-11.el7
fixed
gnome-shell-extension-apps-menu
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-auto-move-windows
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-common
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-dash-to-dock
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-desktop-icons
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-disable-screenshield
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-drive-menu
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-extra-osk-keys
RHEL 7
0:3.28.1-11.el7
fixed
gnome-shell-extension-horizontal-workspaces
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-launch-new-instance
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-native-window-placement
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-no-hot-corner
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-panel-favorites
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-places-menu
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-screenshot-window-sizer
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-systemMonitor
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-top-icons
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-updates-dialog
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-user-theme
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-window-grouper
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-window-list
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-windowsNavigator
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-shell-extension-workspace-indicator
RHEL 7
0:3.28.1-11.el7
fixed
RHEL 8
0:3.32.1-10.el8
fixed
gnome-software
RHEL 8
0:3.30.6-2.el8
fixed
gnome-software-editor
RHEL 8
0:3.30.6-2.el8
fixed
gnome-tweak-tool
RHEL 7
0:3.28.1-7.el7
fixed
gnome-tweaks
RHEL 8
0:3.28.1-6.el8
fixed
gsettings-desktop-schemas
RHEL 7
0:3.28.0-3.el7
fixed
RHEL 8
0:3.32.0-3.el8
fixed
gsettings-desktop-schemas-devel
RHEL 7
0:3.28.0-3.el7
fixed
RHEL 8
0:3.32.0-3.el8
fixed
gtk-update-icon-cache
RHEL 7
0:3.22.30-5.el7
fixed
RHEL 8
0:3.22.30-4.el8
fixed
gtk3
RHEL 7
0:3.22.30-5.el7
fixed
RHEL 8
0:3.22.30-4.el8
fixed
gtk3-devel
RHEL 7
0:3.22.30-5.el7
fixed
RHEL 8
0:3.22.30-4.el8
fixed
gtk3-devel-docs
RHEL 7
0:3.22.30-5.el7
fixed
gtk3-immodule-xim
RHEL 7
0:3.22.30-5.el7
fixed
RHEL 8
0:3.22.30-4.el8
fixed
gtk3-immodules
RHEL 7
0:3.22.30-5.el7
fixed
gtk3-tests
RHEL 7
0:3.22.30-5.el7
fixed
gvfs
RHEL 8
0:1.36.2-6.el8
fixed
gvfs-afc
RHEL 8
0:1.36.2-6.el8
fixed
gvfs-afp
RHEL 8
0:1.36.2-6.el8
fixed
gvfs-archive
RHEL 8
0:1.36.2-6.el8
fixed
gvfs-client
RHEL 8
0:1.36.2-6.el8
fixed
gvfs-devel
RHEL 8
0:1.36.2-6.el8
fixed
gvfs-fuse
RHEL 8
0:1.36.2-6.el8
fixed
gvfs-goa
RHEL 8
0:1.36.2-6.el8
fixed
gvfs-gphoto2
RHEL 8
0:1.36.2-6.el8
fixed
gvfs-mtp
RHEL 8
0:1.36.2-6.el8
fixed
gvfs-smb
RHEL 8
0:1.36.2-6.el8
fixed
libcanberra
RHEL 7
0:0.30-9.el7
fixed
libcanberra-devel
RHEL 7
0:0.30-9.el7
fixed
libcanberra-gtk2
RHEL 7
0:0.30-9.el7
fixed
libcanberra-gtk3
RHEL 7
0:0.30-9.el7
fixed
libgweather
RHEL 7
0:3.28.2-3.el7
fixed
libgweather-devel
RHEL 7
0:3.28.2-3.el7
fixed
libpurple
RHEL 8
0:2.13.0-5.el8
fixed
libpurple-devel
RHEL 8
0:2.13.0-5.el8
fixed
mozjs60
RHEL 8
0:60.9.0-3.el8
fixed
mozjs60-devel
RHEL 8
0:60.9.0-3.el8
fixed
mutter
RHEL 7
0:3.28.3-20.el7
fixed
RHEL 8
0:3.32.2-10.el8
fixed
mutter-devel
RHEL 7
0:3.28.3-20.el7
fixed
RHEL 8
0:3.32.2-10.el8
fixed
nautilus
RHEL 7
0:3.26.3.1-7.el7
fixed
RHEL 8
0:3.28.1-10.el8
fixed
nautilus-devel
RHEL 7
0:3.26.3.1-7.el7
fixed
RHEL 8
0:3.28.1-10.el8
fixed
nautilus-extensions
RHEL 7
0:3.26.3.1-7.el7
fixed
RHEL 8
0:3.28.1-10.el8
fixed
osinfo-db
RHEL 7
0:20190805-2.el7
fixed
pango
RHEL 8
0:1.42.4-6.el8
fixed
pango-devel
RHEL 8
0:1.42.4-6.el8
fixed
pidgin
RHEL 8
0:2.13.0-5.el8
fixed
pidgin-devel
RHEL 8
0:2.13.0-5.el8
fixed
plymouth
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-core-libs
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-graphics-libs
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-plugin-fade-throbber
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-plugin-label
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-plugin-script
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-plugin-space-flares
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-plugin-throbgress
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-plugin-two-step
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-scripts
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-system-theme
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-theme-charge
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-theme-fade-in
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-theme-script
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-theme-solar
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-theme-spinfinity
RHEL 8
0:0.9.3-15.el8
fixed
plymouth-theme-spinner
RHEL 8
0:0.9.3-15.el8
fixed
shared-mime-info
RHEL 7
0:1.8-5.el7
fixed
tracker
RHEL 7
0:1.10.5-8.el7
fixed
tracker-devel
RHEL 7
0:1.10.5-8.el7
fixed
tracker-docs
RHEL 7
0:1.10.5-8.el7
fixed
tracker-needle
RHEL 7
0:1.10.5-8.el7
fixed
tracker-preferences
RHEL 7
0:1.10.5-8.el7
fixed
wayland-protocols-devel
RHEL 8
0:1.17-1.el8
fixed
webkit2gtk3
RHEL 8
0:2.24.3-1.el8
fixed
webkit2gtk3-devel
RHEL 8
0:2.24.3-1.el8
fixed
webkit2gtk3-jsc
RHEL 8
0:2.24.3-1.el8
fixed
webkit2gtk3-jsc-devel
RHEL 8
0:2.24.3-1.el8
fixed
webkit2gtk3-plugin-process-gtk2
RHEL 8
0:2.24.3-1.el8
fixed
xchat
RHEL 7
1:2.8.8-25.el7
fixed
xchat-tcl
RHEL 7
1:2.8.8-25.el7
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00049.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820
https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
https://usn.ubuntu.com/3966-1/
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00049.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820
https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
https://usn.ubuntu.com/3966-1/