CVE-2017-8288
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.
Gnome-shell en las versiones 3.22 a la 3.24.1, no gestiona correctamente extensiones que fallan en la recarga, lo que puede llevar a dejar extensiones habilitadas en la pantalla de bloqueo. Con estas extensiones, un usuario puede iniciar aplicaciones (pero no interactuar con ellas). Ver información de las extensiones (por ejemplo, qué aplicaciones se han abierto o qué música se está reproduciendo) o incluso ejecutar comandos arbitrarios. Todo depende de las extensiones habiliadas por el usuario. El problema se debe a la falta de gestión de excepciones en js/ui/extensionSystem.js.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-26 CVE Reserved
- 2017-04-27 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/98070 | Third Party Advisory | |
https://bugs.kali.org/view.php?id=2513 | Issue Tracking | |
https://bugzilla.gnome.org/show_bug.cgi?id=781728 | Issue Tracking | |
https://github.com/EasyScreenCast/EasyScreenCast/issues/46 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1 | 2017-05-10 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | 3.22.0 Search vendor "Gnome" for product "Gnome-shell" and version "3.22.0" | - |
Affected
| ||||||
Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | 3.22.1 Search vendor "Gnome" for product "Gnome-shell" and version "3.22.1" | - |
Affected
| ||||||
Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | 3.22.2 Search vendor "Gnome" for product "Gnome-shell" and version "3.22.2" | - |
Affected
| ||||||
Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | 3.22.3 Search vendor "Gnome" for product "Gnome-shell" and version "3.22.3" | - |
Affected
| ||||||
Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | 3.23.1 Search vendor "Gnome" for product "Gnome-shell" and version "3.23.1" | - |
Affected
| ||||||
Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | 3.23.2 Search vendor "Gnome" for product "Gnome-shell" and version "3.23.2" | - |
Affected
| ||||||
Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | 3.23.3 Search vendor "Gnome" for product "Gnome-shell" and version "3.23.3" | - |
Affected
| ||||||
Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | 3.23.90 Search vendor "Gnome" for product "Gnome-shell" and version "3.23.90" | - |
Affected
| ||||||
Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | 3.23.91 Search vendor "Gnome" for product "Gnome-shell" and version "3.23.91" | - |
Affected
| ||||||
Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | 3.23.92 Search vendor "Gnome" for product "Gnome-shell" and version "3.23.92" | - |
Affected
| ||||||
Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | 3.24.0 Search vendor "Gnome" for product "Gnome-shell" and version "3.24.0" | - |
Affected
| ||||||
Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | 3.24.1 Search vendor "Gnome" for product "Gnome-shell" and version "3.24.1" | - |
Affected
|