CVE-2017-8288

Опубликовано: 27 апр. 2017

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 6.8

CVSS3: 8.1

Описание

gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.

Релиз	Статус	Примечание
artful	not-affected	3.24.2-0ubuntu6
bionic	not-affected	3.24.2-0ubuntu6
cosmic	not-affected	3.24.2-0ubuntu6
devel	not-affected	3.24.2-0ubuntu6
disco	not-affected	3.24.2-0ubuntu6
eoan	not-affected	3.24.2-0ubuntu6
esm-apps/xenial	released	3.18.5-0ubuntu0.3+esm1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needed]
esm-infra/bionic	not-affected	3.24.2-0ubuntu6
esm-infra/focal	not-affected	3.24.2-0ubuntu6

Показывать по

Ссылки на источники

EPSS

Процентиль: 54%

0.00309

Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3

Связанные уязвимости

CVE-2017-8288

CVSS3: 4.3

redhat

почти 9 лет назад

CVE-2017-8288

CVSS3: 8.1

nvd

почти 9 лет назад

CVE-2017-8288

CVSS3: 8.1

debian

почти 9 лет назад

gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to rel ...

openSUSE-SU-2017:2273-1

suse-cvrf

больше 8 лет назад

Security update for gnome-shell

SUSE-SU-2017:2217-1

suse-cvrf

больше 8 лет назад

Security update for gnome-shell

EPSS

Процентиль: 54%

0.00309

Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3

CVE-2017-8288

Описание

Пакет gnome-shell

Ссылки на источники

Связанные уязвимости