CVE-2023-43090

EUVD-2023-47511
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
fedoraCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
gnomegnome-shell
43 ≤
𝑥
< 43.9
gnomegnome-shell
44 ≤
𝑥
< 44.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnome-shell
bookworm
43.9-0+deb12u2
fixed
bookworm (security)
43.9-0+deb12u2
fixed
bullseye
3.38.6-1~deb11u2
not-affected
bullseye (security)
3.38.6-1~deb11u2
fixed
buster
not-affected
sid
47.2-2
fixed
trixie
47.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-shell
bionic
not-affected
focal
not-affected
jammy
not-affected
lunar
Fixed 44.3-0ubuntu1.1
released
mantic
Fixed 45.0-1ubuntu1
released
trusty
ignored
xenial
not-affected
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2023-43090
https://bugzilla.redhat.com/show_bug.cgi?id=2239087
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
https://access.redhat.com/security/cve/CVE-2023-43090
https://bugzilla.redhat.com/show_bug.cgi?id=2239087
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944