// For flags

CVE-2017-8288

 

Severity Score

8.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.

Gnome-shell en las versiones 3.22 a la 3.24.1, no gestiona correctamente extensiones que fallan en la recarga, lo que puede llevar a dejar extensiones habilitadas en la pantalla de bloqueo. Con estas extensiones, un usuario puede iniciar aplicaciones (pero no interactuar con ellas). Ver información de las extensiones (por ejemplo, qué aplicaciones se han abierto o qué música se está reproduciendo) o incluso ejecutar comandos arbitrarios. Todo depende de las extensiones habiliadas por el usuario. El problema se debe a la falta de gestión de excepciones en js/ui/extensionSystem.js.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-04-26 CVE Reserved
  • 2017-04-27 CVE Published
  • 2023-05-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnome
Search vendor "Gnome"
Gnome-shell
Search vendor "Gnome" for product "Gnome-shell"
3.22.0
Search vendor "Gnome" for product "Gnome-shell" and version "3.22.0"
-
Affected
Gnome
Search vendor "Gnome"
Gnome-shell
Search vendor "Gnome" for product "Gnome-shell"
3.22.1
Search vendor "Gnome" for product "Gnome-shell" and version "3.22.1"
-
Affected
Gnome
Search vendor "Gnome"
Gnome-shell
Search vendor "Gnome" for product "Gnome-shell"
3.22.2
Search vendor "Gnome" for product "Gnome-shell" and version "3.22.2"
-
Affected
Gnome
Search vendor "Gnome"
Gnome-shell
Search vendor "Gnome" for product "Gnome-shell"
3.22.3
Search vendor "Gnome" for product "Gnome-shell" and version "3.22.3"
-
Affected
Gnome
Search vendor "Gnome"
Gnome-shell
Search vendor "Gnome" for product "Gnome-shell"
3.23.1
Search vendor "Gnome" for product "Gnome-shell" and version "3.23.1"
-
Affected
Gnome
Search vendor "Gnome"
Gnome-shell
Search vendor "Gnome" for product "Gnome-shell"
3.23.2
Search vendor "Gnome" for product "Gnome-shell" and version "3.23.2"
-
Affected
Gnome
Search vendor "Gnome"
Gnome-shell
Search vendor "Gnome" for product "Gnome-shell"
3.23.3
Search vendor "Gnome" for product "Gnome-shell" and version "3.23.3"
-
Affected
Gnome
Search vendor "Gnome"
Gnome-shell
Search vendor "Gnome" for product "Gnome-shell"
3.23.90
Search vendor "Gnome" for product "Gnome-shell" and version "3.23.90"
-
Affected
Gnome
Search vendor "Gnome"
Gnome-shell
Search vendor "Gnome" for product "Gnome-shell"
3.23.91
Search vendor "Gnome" for product "Gnome-shell" and version "3.23.91"
-
Affected
Gnome
Search vendor "Gnome"
Gnome-shell
Search vendor "Gnome" for product "Gnome-shell"
3.23.92
Search vendor "Gnome" for product "Gnome-shell" and version "3.23.92"
-
Affected
Gnome
Search vendor "Gnome"
Gnome-shell
Search vendor "Gnome" for product "Gnome-shell"
3.24.0
Search vendor "Gnome" for product "Gnome-shell" and version "3.24.0"
-
Affected
Gnome
Search vendor "Gnome"
Gnome-shell
Search vendor "Gnome" for product "Gnome-shell"
3.24.1
Search vendor "Gnome" for product "Gnome-shell" and version "3.24.1"
-
Affected