Bug 2239087 (CVE-2023-43090)

Summary: CVE-2023-43090 gnome-shell: Screenshot tool allows viewing open windows when session is locked
Product: [Other] Security Response
Reporter: Sandipan Roy <saroy>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: gnome-shell 43.9, gnome-shell 44.5
Doc Text:
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
Bug Depends On: 2239088, 2239089    
Bug Blocks: 2239090    

Description Sandipan Roy 2023-09-15 07:21:59 UTC
GNOME Shell's lock screen allows an unauthenticated local user to view 
windows of the locked desktop session by using keyboard shortcuts to 
unlock restricted functionality of the screenshot tool.

Affected versions: 42, 43 prior to 43.9, 44 prior to 44.5

Discoverer/Credit: Mickael Karatekin at SysDream

References, additional information:
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944

Comment 1 Sandipan Roy 2023-09-15 07:23:20 UTC
Created gnome-shell tracking bugs for this issue:

Affects: fedora-37 [bug 2239088]
Affects: fedora-38 [bug 2239089]