Bug 2239087 (CVE-2023-43090) - CVE-2023-43090 gnome-shell: Screenshot tool allows viewing open windows when session is locked
Status: NEW
Alias: CVE-2023-43090
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
Depends On: 2239089 2239088
Blocks: 2239090
Reported: 2023-09-15 07:21 UTC by Sandipan Roy
Modified: 2023-09-15 15:56 UTC

Fixed In Version: gnome-shell 43.9, gnome-shell 44.5
Doc Text:
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.

Description Sandipan Roy 2023-09-15 07:21:59 UTC
GNOME Shell's lock screen allows an unauthenticated local user to view 
windows of the locked desktop session by using keyboard shortcuts to 
unlock restricted functionality of the screenshot tool.

Affected versions: 42, 43 prior to 43.9, 44 prior to 44.5

Discoverer/Credit: Mickael Karatekin at SysDream

References, additional information:
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944

Comment 1 Sandipan Roy 2023-09-15 07:23:20 UTC
Created gnome-shell tracking bugs for this issue:

Affects: fedora-37 [bug 2239088]
Affects: fedora-38 [bug 2239089]
