Summaryinfo

A vulnerability was found in GNOME Shell up to 3.7.90. It has been rated as problematic. Impacted is the function Password Obscurer of the component Login Box. This manipulation as part of Eingabe causes information disclosure. In addition, an exploit is available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as problematic was found in GNOME Shell up to 3.7.90. Affected by this vulnerability is the function Password Obscurer of the component Login Box. The manipulation as part of a Eingabe leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality.

The weakness was presented 03/04/2013 by Marcus Moeller as Bug 695104 as not defined bug report (Website). It is possible to read the advisory at bugzilla.gnome.org. The exploitation appears to be easy. Attacking locally is a requirement. The exploitation doesn't need any form of authentication. Technical details and also a public exploit are known. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

After immediately, there has been an exploit disclosed. It is possible to download the exploit at bugzilla.gnome.org. It is declared as proof-of-concept.

Upgrading to version 3.7.91 eliminates this vulnerability. A possible mitigation has been published 1 days after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at OSVDB (90953†). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• GNOME

Name

• Shell

Version

• 3.7.0
• 3.7.1
• 3.7.2
• 3.7.3
• 3.7.4
• 3.7.5
• 3.7.6
• 3.7.7
• 3.7.8
• 3.7.9
• 3.7.10
• 3.7.11
• 3.7.12
• 3.7.13
• 3.7.14
• 3.7.15
• 3.7.16
• 3.7.17
• 3.7.18
• 3.7.19
• 3.7.20
• 3.7.21
• 3.7.22
• 3.7.23
• 3.7.24
• 3.7.25
• 3.7.26
• 3.7.27
• 3.7.28
• 3.7.29
• 3.7.30
• 3.7.31
• 3.7.32
• 3.7.33
• 3.7.34
• 3.7.35
• 3.7.36
• 3.7.37
• 3.7.38
• 3.7.39
• 3.7.40
• 3.7.41
• 3.7.42
• 3.7.43
• 3.7.44
• 3.7.45
• 3.7.46
• 3.7.47
• 3.7.48
• 3.7.49
• 3.7.50
• 3.7.51
• 3.7.52
• 3.7.53
• 3.7.54
• 3.7.55
• 3.7.56
• 3.7.57
• 3.7.58
• 3.7.59
• 3.7.60
• 3.7.61
• 3.7.62
• 3.7.63
• 3.7.64
• 3.7.65
• 3.7.66
• 3.7.67
• 3.7.68
• 3.7.69
• 3.7.70
• 3.7.71
• 3.7.72
• 3.7.73
• 3.7.74
• 3.7.75
• 3.7.76
• 3.7.77
• 3.7.78
• 3.7.79
• 3.7.80
• 3.7.81
• 3.7.82
• 3.7.83
• 3.7.84
• 3.7.85
• 3.7.86
• 3.7.87
• 3.7.88
• 3.7.89
• 3.7.90

License

• open-source

Website

• Vendor: https://www.gnome.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion