CVE-2019-3820

Advisory lineage Upstream: 0 Downstream: 10

Downstream

DEBIAN-CVE-2019-3820 OPENSUSE-SU-2019:1582-1 OPENSUSE-SU-2024:10797-1 RHSA-2019:3553 RHSA-2020:1021 SUSE-SU-2019:1390-1

Modified

Published: 06 Feb 2019, 20:00

Last modified:04 Aug 2024, 19:19

Vulnerability Summary

Overall Risk (default)

medium

29/100

CVSS Score

4.8 MEDIUM

v3.0 (cve.org)

EPSS Score

0.04% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

06 Feb 2019, 20:00

Published

Vulnerability first disclosed

04 Aug 2024, 19:19

Last Modified

Vulnerability information updated

Description

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.

CVSS Metrics

v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
v3.0•MEDIUM•Score: 4.8CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.04%• Percentile: 14%

Techniques & Countermeasures

CWE-287•Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-285•Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Affected Systems

canonical•ubuntu_linux
18.04 | 18.10
gnome•gnome-shell
≥ 3.15.91, < 3.30.3 | ≥ 3.31.0, < 3.31.5
opensuse•leap
15.0 | 15.1 | 42.3
the gnome project•gnome-shell
since 3.15.91