Vulnerability Description
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Gnome-Shell | <= 3.7.92 |
References
- http://www.openwall.com/lists/oss-security/2013/12/27/4
- http://www.openwall.com/lists/oss-security/2013/12/27/6
- http://www.openwall.com/lists/oss-security/2013/12/27/8
- https://bugzilla.gnome.org/show_bug.cgi?id=686740
- https://bugzilla.redhat.com/show_bug.cgi?id=1030431
- https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j
- http://www.openwall.com/lists/oss-security/2013/12/27/4
- http://www.openwall.com/lists/oss-security/2013/12/27/6
- http://www.openwall.com/lists/oss-security/2013/12/27/8
- https://bugzilla.gnome.org/show_bug.cgi?id=686740
- https://bugzilla.redhat.com/show_bug.cgi?id=1030431
- https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j
FAQ
What is CVE-2013-7220?
CVE-2013-7220 is a vulnerability with a CVSS score of 4.6 (MEDIUM). js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on...
How severe is CVE-2013-7220?
CVE-2013-7220 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7220?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gnome-Shell.