Gnome Shell
CVE-2019-3820
MEDIUM
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionNVD
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.
AnalysisAI
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-285. It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. Affected products include: Gnome Gnome-Shell, Opensuse Leap, Canonical Ubuntu Linux. Version information: version 3.15.91.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Gnome Shell
View allThe gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extens
A vulnerability was found in GNOME Shell. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. Rated medium severity (CVSS 4.3),
gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbit
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Ent
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today