CVE-2023-43090

A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
fedoraCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
gnomegnome-shell
43 ≤
𝑥
< 43.9
gnomegnome-shell
44 ≤
𝑥
< 44.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnome-shell
bullseye (security)
3.38.6-1~deb11u2
fixed
bullseye
3.38.6-1~deb11u2
not-affected
buster
not-affected
bookworm
43.9-0+deb12u2
fixed
bookworm (security)
43.9-0+deb12u2
fixed
sid
47.2-2
fixed
trixie
47.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-shell
mantic
Fixed 45.0-1ubuntu1
released
lunar
Fixed 44.3-0ubuntu1.1
released
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
ignored
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2023-43090
https://bugzilla.redhat.com/show_bug.cgi?id=2239087
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
https://access.redhat.com/security/cve/CVE-2023-43090
https://bugzilla.redhat.com/show_bug.cgi?id=2239087
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944