Bug 1215485 (CVE-2023-43090) - VUL-0: CVE-2023-43090: gnome-shell: Screenshot tool allows viewing open windows when session is locked
Summary: VUL-0: CVE-2023-43090: gnome-shell: Screenshot tool allows viewing open windo...
Status: RESOLVED FIXED
Alias: CVE-2023-43090
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/379048/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-43090:6.2:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-09-19 13:16 UTC by Cathy Hu
Modified: 2024-07-16 08:40 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Cathy Hu 2023-09-19 13:34:23 UTC 
CVE-2023-43090

GNOME Shell's lock screen allows an unauthenticated local user to view 
windows of the locked desktop session by using keyboard shortcuts to 
unlock restricted functionality of the screenshot tool.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43090
https://bugzilla.redhat.com/show_bug.cgi?id=2239087
https://security-tracker.debian.org/tracker/DSA-5501-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052067
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
Comment 5 xiaoguang wang 2023-10-08 00:56:02 UTC 
SR accepted. https://build.suse.de/request/show/307919
Comment 6 Robert Frohl 2024-06-05 13:51:18 UTC 
done, closing
Comment 7 OBSbugzilla Bot 2024-07-01 09:35:08 UTC 
This is an autogenerated message for OBS integration:
This bug (1215485) was mentioned in
https://build.opensuse.org/request/show/1184261 Factory / gnome-shell