CVE-2019-3820 — MEDIUM (4.3)

Q: How severe is CVE-2019-3820?

CVE-2019-3820 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3820?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gnome-Shell, Opensuse Leap, Canonical Ubuntu Linux.

Vulnerability Description

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Gnome	Gnome-Shell	>= 3.15.91, < 3.30.3
Opensuse	Leap	15.0
Canonical	Ubuntu Linux	18.04

Related Weaknesses (CWE)

CWE-287 CWE-285

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00049.htmlMailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820ExploitIssue TrackingThird Party Advisory
https://gitlab.gnome.org/GNOME/gnome-shell/issues/851Issue TrackingPatchThird Party Advisory
https://usn.ubuntu.com/3966-1/Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00049.htmlMailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820ExploitIssue TrackingThird Party Advisory
https://gitlab.gnome.org/GNOME/gnome-shell/issues/851Issue TrackingPatchThird Party Advisory
https://usn.ubuntu.com/3966-1/Third Party Advisory

FAQ

What is CVE-2019-3820?

CVE-2019-3820 is a vulnerability with a CVSS score of 4.3 (MEDIUM). It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain...

How severe is CVE-2019-3820?

CVE-2019-3820 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3820?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gnome-Shell, Opensuse Leap, Canonical Ubuntu Linux.