CVE-2021-20315

Published: 31 Aug 2021
Source: redhat
CVSS3: 5.7

Description

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.

Statement

The flaw only affects some specific versions of CentOS Stream 8. This issue did not affect the versions of gnome-shell as shipped with Red Hat Enterprise Linux 7 and 8, as they did not include the vulnerable code.

Mitigation

Disable enabled GNOME extensions, such as "Application menu" or "Window list".

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 7 | gnome-shell | Not affected | | |
| Red Hat Enterprise Linux 8 | gnome-shell | Not affected | | |
| Red Hat Enterprise Linux 9 | gnome-shell | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-667
https://bugzilla.redhat.com/show_bug.cgi?id=2006285 gnome-shell: locking protection bypass allow unauthorized user to kill existing applications or start new ones

5.7 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.1
ubuntu
almost 4 years ago

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.

CVSS3: 6.1
nvd
almost 4 years ago

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.

CVSS3: 6.1
debian
almost 4 years ago

A locking protection bypass flaw was found in some versions of gnome-s ...

CVSS3: 6.1
github
almost 4 years ago

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.