Bug 1667102 (CVE-2018-20681)

Summary: CVE-2018-20681 mate-screensaver: Mate-screensaver before 1.20.2 in mate desktop environment allows physically proximate attackers to view screen content and possibly control application
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: fedora, stefano
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: mate-screensaver-1.20.3 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-27 03:23:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dhananjay Arunesh 2019-01-17 13:08:13 UTC
Mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically
proximate attackers to view screen content and possibly control applications. By
unplugging and re-plugging or power-cycling external output devices (such as
additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of
a screensaver-locked session can be revealed. In some scenarios, the attacker
can execute applications, such as by clicking with a mouse.

Upstream Issue:


https://github.com/mate-desktop/mate-screensaver/issues/155