Bug 1215485 (CVE-2023-43090)

Summary: VUL-0: CVE-2023-43090: gnome-shell: Screenshot tool allows viewing open windows when session is locked
Product: [Novell Products] SUSE Security Incidents
Reporter: Cathy Hu <cathy.hu>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: rfrohl, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/379048/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-43090:6.2:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Comment 1 Cathy Hu 2023-09-19 13:34:23 UTC
CVE-2023-43090

GNOME Shell's lock screen allows an unauthenticated local user to view 
windows of the locked desktop session by using keyboard shortcuts to 
unlock restricted functionality of the screenshot tool.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43090
https://bugzilla.redhat.com/show_bug.cgi?id=2239087
https://security-tracker.debian.org/tracker/DSA-5501-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052067
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990

Comment 5 xiaoguang wang 2023-10-08 00:56:02 UTC
SR accepted. https://build.suse.de/request/show/307919

Comment 6 Robert Frohl 2024-06-05 13:51:18 UTC
done, closing

Comment 7 OBSbugzilla Bot 2024-07-01 09:35:08 UTC
This is an autogenerated message for OBS integration:
This bug (1215485) was mentioned in
https://build.opensuse.org/request/show/1184261 Factory / gnome-shell