Exposure of Data Element to Wrong Session Affecting gnome-shell package, versions [43,43.9)[44,44.5)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.04% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-GNOMESHELL-5903042
  • published15 Sept 2023
  • disclosed15 Sept 2023
  • creditMickael Karatekin

Introduced: 15 Sep 2023

CVE-2023-43090  (opens in a new tab)
CWE-488  (opens in a new tab)

How to fix?

Upgrade gnome-shell to version 43.9, 44.5 or higher.

Overview

Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to insufficient checks in the screenshot.js file, which allows viewing open windows when the session is locked.

CVSS Base Scores

version 3.1