Name | CVE-2023-43090 |
Description | A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-5501-1 |
Debian Bugs | 1052067 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
gnome-shell (PTS) | bullseye (security), bullseye | 3.38.6-1~deb11u2 | fixed |
| bookworm, bookworm (security) | 43.9-0+deb12u2 | fixed |
| sid, trixie | 47.1-2 | fixed |
The information below is based on the following data on fixed versions.
Notes
[bullseye] - gnome-shell <not-affected> (Vulnerable code introduced in 42.beta)
[buster] - gnome-shell <not-affected> (Vulnerable code introduced in 42.beta)
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
Fixed by: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/521525948eed85cc27c0796a0b9569d161df81ba
Fixed by: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/671df28a509ae208e158976f0855d91fdbea16a1
Introduced around: https://gitlab.gnome.org/GNOME/gnome-shell/-/8ebc478f0f24720870c4911aef707f4dc34d140c