Unrated severityNVD Advisory· Published Feb 6, 2019· Updated Aug 4, 2024

CVE-2019-3820

Description

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.

Affected products

osv-coords17 versions
pkg:rpm/opensuse/gnome-shell&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/gnome-shell&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/gnome-shell&distro=openSUSE%20Tumbleweed pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015 pkg:rpm/suse/gnome-shell&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1
< 3.26.2+20180130.0d9c74212-lp151.7.3.1+ 16 more
- (no CPE)range: < 3.26.2+20180130.0d9c74212-lp151.7.3.1
- (no CPE)range: < 3.26.2+20180130.0d9c74212-lp151.7.3.1
- (no CPE)range: < 40.5-1.1
- (no CPE)range: < 3.20.4-77.23.1
- (no CPE)range: < 3.20.4-77.23.1
- (no CPE)range: < 3.26.2+20180130.0d9c74212-4.19.2
- (no CPE)range: < 3.26.2+20180130.0d9c74212-4.19.2
- (no CPE)range: < 3.20.4-77.23.1
- (no CPE)range: < 3.20.4-77.23.1
- (no CPE)range: < 3.20.4-77.23.1
- (no CPE)range: < 3.20.4-77.23.1
- (no CPE)range: < 3.20.4-77.23.1
- (no CPE)range: < 3.20.4-77.23.1
- (no CPE)range: < 3.20.4-77.23.1
- (no CPE)range: < 3.20.4-77.23.1
- (no CPE)range: < 3.26.2+20180130.0d9c74212-4.19.2
- (no CPE)range: < 3.26.2+20180130.0d9c74212-4.19.2
The Gnome Project/gnome-shellv5
Range: since 3.15.91

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-06/msg00049.htmlmitrevendor-advisoryx_refsource_SUSE
usn.ubuntu.com/3966-1/mitrevendor-advisoryx_refsource_UBUNTU
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
gitlab.gnome.org/GNOME/gnome-shell/issues/851mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000