CVE-2017-8288

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-8288

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8288.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-8288

Related

Published

2017-04-27T00:59:00Z

Modified

2024-09-11T04:26:16.223104Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.

References

Affected packages

Debian:11 / gnome-shell

Package

Name: gnome-shell
Purl: pkg:deb/debian/gnome-shell?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.3-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gnome-shell

Package

Name: gnome-shell
Purl: pkg:deb/debian/gnome-shell?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.3-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gnome-shell

Package

Name: gnome-shell
Purl: pkg:deb/debian/gnome-shell?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.3-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gnome/gnome-shell

Affected ranges

Type: GIT
Repo: https://github.com/gnome/gnome-shell
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ff425d1db7082e2755d2a405af53861552acf2a1

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/gnome-shell
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

05a941050d1e9ded045a59285f3ebf301d810904

Last affected

08a159d0d829d0d47e7e2a45a30455a10caec4d0

Last affected

22131d99ad7e3d80ea69be1dadcd8fbb12cdc8b6

Last affected

3b7a4b08e2dec9ca5e76419e678b20c39b69ac79

Last affected

577e261d1a19ad734e34f71e930c8d079234b066

Last affected

6ebabd50c624368a4cf91d04eb2ee6d7019424cf

Last affected

7e803fdf236999ef9bce529f20aee37970cbcccb

Last affected

803406d601922610d220ed3ed1a859a70c731f26

Last affected

adc811ff8f60dce5936bb1b20462c50d6e8c1a79

Last affected

b66dff8aed161063b41d033774b0c5c95d6b0d86

Last affected

e581e249ad6765f04ef5fab0e3752207fff78a28

Last affected

fbc60199bc67de9cdabcb123802142f2ba9e0a5b

Affected versions

2.*

2.27.0

2.27.1

2.27.2

2.27.3

2.28.0

2.29.0

2.29.1

2.31.2

2.31.4

2.31.5

2.91.0

2.91.1

2.91.2

2.91.3

2.91.4

2.91.5

2.91.6

2.91.90

2.91.91

2.91.92

2.91.93

3.*

3.0.0

3.0.0.1

3.0.0.2

3.0.1

3.1.3

3.1.4

3.1.90

3.1.90.1

3.1.91

3.1.91.1

3.1.92

3.10.0

3.10.0.1

3.10.1

3.11.1

3.11.2

3.11.3

3.11.5

3.11.90

3.11.91

3.11.92

3.12.0

3.13.1

3.13.2

3.13.3

3.13.4

3.13.90

3.13.91

3.13.92

3.14.0

3.14.1

3.15.1

3.15.2

3.15.3

3.15.4

3.15.90

3.15.91

3.15.92

3.16.0

3.16.1

3.17.1

3.17.2

3.17.3

3.17.4

3.17.90

3.17.91

3.17.92

3.18.0

3.18.1

3.19.1

3.19.2

3.19.3

3.19.4

3.19.90

3.19.91

3.19.92

3.2.0

3.2.1

3.20.0

3.20.1

3.21.1

3.21.2

3.21.3

3.21.4

3.21.90

3.21.90.1

3.21.91

3.21.92

3.22.0

3.22.1

3.22.2

3.22.3

3.23.1

3.23.2

3.23.3

3.23.90

3.23.91

3.23.92

3.24.0

3.3.2

3.3.3

3.3.4

3.3.5

3.3.90

3.3.92

3.4.0

3.4.1

3.5.2

3.5.3

3.5.4

3.5.5

3.5.90

3.5.91

3.5.92

3.6.0

3.6.1

3.7.1

3.7.2

3.7.3

3.7.4

3.7.4.1

3.7.5

3.7.90

3.7.91

3.7.92

3.8.0

3.8.0.1

3.8.1

3.9.1

3.9.2

3.9.3

3.9.4

3.9.5

3.9.90

3.9.91

3.9.92