gnome-shell Lock Screen Unauthorized Access Vulnerability

By GIXnews


A vulnerability in gnome-shell could allow a local attacker to gain unauthorized access to a targeted system.

The vulnerability exists because the lock screen feature of the affected software does not properly restrict all contextual actions. An attacker with physical access to a targeted, locked workstation could exploit this vulnerability by right clicking on the password text field. A successful exploit could allow the attacker to bypass the lock screen and re-enable certain keyboard shortcuts, which the attacker could use to perform unauthorized actions on the system.

The GNOME project has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2019-3820

Source:: Cisco Multivendor Vulnerability Alerts