CVE-2023-43090: Gnome-shell: screenshot tool allows viewing open windows when session is locked
First published: Fri Sep 15 2023(Updated: )
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
Credit: patrick@puiterwijk.org patrick@puiterwijk.org patrick@puiterwijk.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME gnome-shell | >=43<43.9 | |
| GNOME gnome-shell | >=44<44.5 | |
| GNOME gnome-shell | =42 | |
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 | |
| redhat/gnome-shell | <43.9 | 43.9 |
| redhat/gnome-shell | <44.5 | 44.5 |
| ubuntu/gnome-shell | <44.3-0ubuntu1.1 | 44.3-0ubuntu1.1 |
| ubuntu/gnome-shell | <45.0-1ubuntu1 | 45.0-1ubuntu1 |
| ubuntu/gnome-shell | <44.5-1 | 44.5-1 |
| debian/gnome-shell | 3.30.2-11~deb10u2 3.38.6-1~deb11u1 3.38.6-1~deb11u2 43.9-0+deb12u1 43.9-0+deb12u2 44.9-2 | |
| >=43<43.9 | ||
| >=44<44.5 | ||
| =42 | ||
| =37 | ||
| =38 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2023-43090 https://nvd.nist.gov/vuln/detail/CVE-2023-43090 https://bugzilla.redhat.com/show_bug.cgi?id=2239087 https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990 https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
- https://bugzilla.redhat.com/show_bug.cgi?id=2239087
- https://access.redhat.com/security/cve/CVE-2023-43090
- https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
- https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
- https://launchpad.net/bugs/cve/CVE-2023-43090
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2239088
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2239089
- https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/521525948eed85cc27c0796a0b9569d161df81ba
- https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/671df28a509ae208e158976f0855d91fdbea16a1
- https://gitlab.gnome.org/GNOME/gnome-shell/-/8ebc478f0f24720870c4911aef707f4dc34d140c
- https://security-tracker.debian.org/tracker/CVE-2023-43090
- https://ubuntu.com/security/notices/USN-6395-1
- https://www.cve.org/CVERecord?id=CVE-2023-43090
- https://nvd.nist.gov/vuln/detail/CVE-2023-43090
- https://ubuntu.com/security/CVE-2023-43090
Frequently Asked Questions
What is CVE-2023-43090?
CVE-2023-43090 is a vulnerability found in GNOME Shell that allows an unauthenticated local user to view windows of the locked desktop session.
How does the vulnerability in CVE-2023-43090 work?
The vulnerability in CVE-2023-43090 is due to GNOME Shell's lock screen allowing access to the screenshot tool, which can be used to unlock the restricted functionality and view windows of the locked session.
What is the severity of CVE-2023-43090?
The severity of CVE-2023-43090 is medium, with a CVSS score of 5.5.
Which software versions are affected by CVE-2023-43090?
GNOME Shell versions up to 43.9 and 44.5 are affected by CVE-2023-43090.
How can I fix CVE-2023-43090?
To fix CVE-2023-43090, update GNOME Shell to version 43.9 or higher.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/author
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-43090
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/title
- collector/security-tracker-debian
- source/Debian
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/gnome
- canonical/gnome gnome-shell
- version/gnome gnome-shell/43
- version/gnome gnome-shell/44
- version/gnome gnome-shell/42
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38
- package-manager/redhat
- package-manager/ubuntu
- package-manager/debian