High severity8.1NVD Advisory· Published Apr 27, 2017· Updated May 13, 2026
CVE-2017-8288
CVE-2017-8288
Description
gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.
Affected products
12cpe:2.3:a:gnome:gnome-shell:3.22.0:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:gnome:gnome-shell:3.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome-shell:3.22.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome-shell:3.22.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome-shell:3.22.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome-shell:3.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome-shell:3.23.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome-shell:3.23.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome-shell:3.23.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome-shell:3.23.91:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome-shell:3.23.92:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome-shell:3.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome-shell:3.24.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1nvdIssue TrackingPatchThird Party Advisory
- www.securityfocus.com/bid/98070nvdThird Party AdvisoryVDB Entry
- github.com/EasyScreenCast/EasyScreenCast/issues/46nvdThird Party Advisory
- bugs.kali.org/view.phpnvdIssue Tracking
- bugzilla.gnome.org/show_bug.cginvdIssue Tracking
News mentions
0No linked articles in our index yet.