CVE-2020-17489
First published: Tue Aug 11 2020(Updated: )
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME gnome-shell | <=3.36.4 | |
| Canonical Ubuntu Linux | =20.04 | |
| Debian Debian Linux | =9.0 | |
| openSUSE Leap | =15.2 | |
| ubuntu/gnome-shell | <3.36.4-1ubuntu1~20.04.2 | 3.36.4-1ubuntu1~20.04.2 |
| ubuntu/gnome-shell | <3.36.5-1 | 3.36.5-1 |
| debian/gnome-shell | 3.38.6-1~deb11u2 43.9-0+deb12u2 46.4-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html
- https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
- https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html
- https://security.gentoo.org/glsa/202009-08
- https://usn.ubuntu.com/4464-1/
- https://launchpad.net/bugs/cve/CVE-2020-17489
- https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1377
- https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/13137aad9db52223e8b62cecbd3456f4a7f66f04
- https://security-tracker.debian.org/tracker/CVE-2020-17489
- https://ubuntu.com/security/notices/USN-4464-1
- https://www.cve.org/CVERecord?id=CVE-2020-17489
- https://nvd.nist.gov/vuln/detail/CVE-2020-17489
- https://ubuntu.com/security/CVE-2020-17489
Frequently Asked Questions
What is CVE-2020-17489?
CVE-2020-17489 is a vulnerability discovered in certain configurations of GNOME gnome-shell through 3.36.4.
What is the severity of CVE-2020-17489?
The severity of CVE-2020-17489 is medium with a CVSS score of 4.3.
How does CVE-2020-17489 affect the affected software?
CVE-2020-17489 affects GNOME gnome-shell versions 3.30.2-11~deb10u2, 3.38.6-1~deb11u1, 43.6-1~deb12u2, 44.5-2, 3.36.4-1ubuntu1~20.04.2, and 3.36.5-1.
How can I fix CVE-2020-17489?
To fix CVE-2020-17489, update your GNOME gnome-shell installation to version 3.36.5-1 or later.
Where can I find more information about CVE-2020-17489?
You can find more information about CVE-2020-17489 at the following references: [1] [2] [3]
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- vendor/gnome
- canonical/gnome gnome-shell
- version/gnome gnome-shell/3.36.4
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/20.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.2
- package-manager/debian
- package-manager/ubuntu