CVE-2023-43090

MEDIUM

GNOME Shell - Info Disclosure

Title source: llm

Description

A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.

References (4)

[Third Party Advisory] https://access.redhat.com/security/cve/CVE-2023-43090

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2239087

[Exploit, Issue Tracking, Patch, Vendor Advisory] https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990

[Patch, Vendor Advisory] https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944

Scores

CVSS v3 5.5

EPSS 0.0009

EPSS Percentile 25.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-862

Status published

Affected Products (4)

gnome/gnome-shell < 43.9

gnome/gnome-shell

fedoraproject/fedora

Timeline

Published Sep 22, 2023

Tracked Since Feb 18, 2026