CVE-2013-7221

gnome-shell < 3.10 - Unauthenticated Arbitrary Command Execution via Unlocked Screen

Title source: llm

Description

The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.

References (4)

Core 4

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2013/12/27/4

Patch x_refsource_confirm

https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2013/12/27/8

Issue Tracking x_refsource_confirm

https://bugzilla.gnome.org/show_bug.cgi?id=708313

Scores

EPSS 0.0007

EPSS Percentile 20.6%

Details

CWE

CWE-264

Status published

Products (50)

gnome/gnome-shell 3.0.0

gnome/gnome-shell 3.0.0.1

gnome/gnome-shell 3.0.0.2

gnome/gnome-shell 3.0.1

gnome/gnome-shell 3.0.2

gnome/gnome-shell 3.1.3

gnome/gnome-shell 3.1.4

gnome/gnome-shell 3.1.90

gnome/gnome-shell 3.1.90.1

gnome/gnome-shell 3.1.91

... and 40 more

Published Apr 29, 2014

Tracked Since Feb 18, 2026