Bug 1868418 (CVE-2020-17489)
| Summary: | CVE-2020-17489 gnome-shell: Password from logged-out user may be shown on login screen | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | fmuellner, gnome-sig, jadahl, otaylor, philip.wyett, rstrode |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | gnome-shell 3.37.3 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-11 05:45:33 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1868419, 1874259 | ||
| Bug Blocks: | 1868420 | ||
|
Description
Michael Kaplan
2020-08-12 15:15:26 UTC
Created gnome-shell tracking bugs for this issue: Affects: fedora-all [bug 1868419] Mitigation: Do not use the "view password" context menu option when logging into gnome-shell. Statement: This flaw does not affect gnome-shell as shipped with Red Hat Enterprise Linux 6 or 7. For 6, there is no option to view the password in the clear at login, and for 7, the login screen is killed upon login. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1814 https://access.redhat.com/errata/RHSA-2022:1814 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-17489 |