4 results (0.015 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked. Se ha encontrado un fallo de omisión de la protección de bloqueo en algunas versiones de gnome-shell tal y como se distribuye en CentOS Stream 8, cuando las extensiones de GNOME "Application menu" o "Window list" están habilitadas. Este fallo permite a un atacante físico que tenga acceso a un sistema bloqueado matar las aplicaciones existentes e iniciar otras nuevas como el usuario bloqueado, incluso si la sesión sigue bloqueada • https://bugzilla.redhat.com/show_bug.cgi?id=2006285 • CWE-667: Improper Locking •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) Se detectó un problema en determinadas configuraciones de GNOME gnome-shell versiones hasta 3.36.4. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997 https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html https://security.gentoo.org/glsa/202009-08 https://usn.ubuntu.com/4464-1 https://access.redhat.com/security/cve/CVE-2020-17489 https://bugzilla.redhat.com/show_bug.cgi?id=1868418 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •

CVSS: 4.8EPSS: 0%CPEs: 7EXPL: 1

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. Se ha descubierto que la pantalla de bloqueo de gnome-shell, desde la versión 3.15.91 no restringió correctamente todas las acciones contextuales. Un atacante con acceso físico a una estación de trabajo bloqueada podría invocar ciertos atajos de teclado y, potencialmente, otras acciones. A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00049.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820 https://gitlab.gnome.org/GNOME/gnome-shell/issues/851 https://usn.ubuntu.com/3966-1 https://access.redhat.com/security/cve/CVE-2019-3820 https://bugzilla.redhat.com/show_bug.cgi?id=1669391 • CWE-285: Improper Authorization CWE-287: Improper Authentication •

CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0

gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js. Gnome-shell en las versiones 3.22 a la 3.24.1, no gestiona correctamente extensiones que fallan en la recarga, lo que puede llevar a dejar extensiones habilitadas en la pantalla de bloqueo. • http://www.securityfocus.com/bid/98070 https://bugs.kali.org/view.php?id=2513 https://bugzilla.gnome.org/show_bug.cgi?id=781728 https://github.com/EasyScreenCast/EasyScreenCast/issues/46 https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1 • CWE-20: Improper Input Validation •