Vulnerability-Lookup

CVE-2020-17489 (GCVE-0-2020-17489)

Vulnerability from cvelistv5 – Published: 2020-08-11 20:07 – Updated: 2024-08-04 14:00

Summary

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://gitlab.gnome.org/GNOME/gnome-shell/-/issu…	x_refsource_MISC
	https://usn.ubuntu.com/4464-1/	vendor-advisoryx_refsource_UBUNTU
	https://security.gentoo.org/glsa/202009-08	vendor-advisoryx_refsource_GENTOO
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:00:47.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
          },
          {
            "name": "USN-4464-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4464-1/"
          },
          {
            "name": "GLSA-202009-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202009-08"
          },
          {
            "name": "[debian-lts-announce] 20200915 [SECURITY] [DLA 2374-1] gnome-shell security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2020:1861",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-07T12:06:14.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
        },
        {
          "name": "USN-4464-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4464-1/"
        },
        {
          "name": "GLSA-202009-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202009-08"
        },
        {
          "name": "[debian-lts-announce] 20200915 [SECURITY] [DLA 2374-1] gnome-shell security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2020:1861",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-17489",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997",
              "refsource": "MISC",
              "url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
            },
            {
              "name": "USN-4464-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4464-1/"
            },
            {
              "name": "GLSA-202009-08",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202009-08"
            },
            {
              "name": "[debian-lts-announce] 20200915 [SECURITY] [DLA 2374-1] gnome-shell security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2020:1861",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-17489",
    "datePublished": "2020-08-11T20:07:26.000Z",
    "dateReserved": "2020-08-11T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:00:47.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CNVD-2020-48648

Vulnerability from cnvd - Published: 2020-08-27

Title

GNOME gnome-shell密码泄露漏洞

Description

gnome-shell是一款为GNOME桌面提供切换窗口，启动应用程序或查看通知等核心用户界面功能的shell。 GNOME gnome-shell 3.36.4及之前版本中存在安全漏洞，该漏洞源于如果在用户登录时，将密码设置为可见，注销账户时在登录对话框中会显示该明文密码。目前没有详细的漏洞细节提供。

Severity

低

Formal description

目前厂商未提供修复方案，请关注厂商主页： https://gitlab.gnome.org/GNOME/gnome-shell/

Reference

https://usn.ubuntu.com/4464-1/

Impacted products

Name
GNOME gnome-shell <=3.36.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-17489",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-17489"
    }
  },
  "description": "gnome-shell\u662f\u4e00\u6b3e\u4e3aGNOME\u684c\u9762\u63d0\u4f9b\u5207\u6362\u7a97\u53e3\uff0c\u542f\u52a8\u5e94\u7528\u7a0b\u5e8f\u6216\u67e5\u770b\u901a\u77e5\u7b49\u6838\u5fc3\u7528\u6237\u754c\u9762\u529f\u80fd\u7684shell\u3002\n\nGNOME gnome-shell 3.36.4\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5982\u679c\u5728\u7528\u6237\u767b\u5f55\u65f6\uff0c\u5c06\u5bc6\u7801\u8bbe\u7f6e\u4e3a\u53ef\u89c1\uff0c\u6ce8\u9500\u8d26\u6237\u65f6\u5728\u767b\u5f55\u5bf9\u8bdd\u6846\u4e2d\u4f1a\u663e\u793a\u8be5\u660e\u6587\u5bc6\u7801\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u672a\u63d0\u4f9b\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://gitlab.gnome.org/GNOME/gnome-shell/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-48648",
  "openTime": "2020-08-27",
  "products": {
    "product": "GNOME gnome-shell \u003c=3.36.4"
  },
  "referenceLink": "https://usn.ubuntu.com/4464-1/",
  "serverity": "\u4f4e",
  "submitTime": "2020-08-20",
  "title": "GNOME gnome-shell\u5bc6\u7801\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2020-17489

Vulnerability from fkie_nvd - Published: 2020-08-11 21:15 - Updated: 2024-11-21 05:08

Severity ?

4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html	Third Party Advisory
cve@mitre.org	https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997	Exploit, Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html	Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202009-08	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4464-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202009-08	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4464-1/	Third Party Advisory

Impacted products

Vendor	Product	Version
gnome	gnome-shell	*
canonical	ubuntu_linux	20.04
debian	debian_linux	9.0
opensuse	leap	15.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E93A336-4ABA-4C22-BB51-ACDD7F43397C",
              "versionEndIncluding": "3.36.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)"
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en determinadas configuraciones de GNOME gnome-shell versiones hasta 3.36.4. Cuando se cierra la sesi\u00f3n de una cuenta, el cuadro de contrase\u00f1a a partir del cuadro de di\u00e1logo de inicio de sesi\u00f3n vuelve a aparecer con la contrase\u00f1a a\u00fan visible. Si el usuario ha decidido que la contrase\u00f1a se muestre en texto sin cifrar en el momento del inicio de sesi\u00f3n, estar\u00e1 visible durante un breve momento al cerrar la sesi\u00f3n. (Si la contrase\u00f1a nunca se mostr\u00f3 en texto sin cifrar, solo la longitud de la contrase\u00f1a es revelada)"
    }
  ],
  "id": "CVE-2020-17489",
  "lastModified": "2024-11-21T05:08:13.003",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-11T21:15:10.837",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202009-08"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4464-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202009-08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4464-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-17489

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-17489

Aliases

CVE-2020-17489

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-17489",
    "description": "An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)",
    "id": "GSD-2020-17489",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-17489.html",
      "https://ubuntu.com/security/CVE-2020-17489",
      "https://advisories.mageia.org/CVE-2020-17489.html",
      "https://linux.oracle.com/cve/CVE-2020-17489.html",
      "https://access.redhat.com/errata/RHSA-2022:1814"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-17489"
      ],
      "details": "An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)",
      "id": "GSD-2020-17489",
      "modified": "2023-12-13T01:21:49.955947Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-17489",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997",
            "refsource": "MISC",
            "url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
          },
          {
            "name": "USN-4464-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4464-1/"
          },
          {
            "name": "GLSA-202009-08",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202009-08"
          },
          {
            "name": "[debian-lts-announce] 20200915 [SECURITY] [DLA 2374-1] gnome-shell security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2020:1861",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.36.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-17489"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
            },
            {
              "name": "USN-4464-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4464-1/"
            },
            {
              "name": "GLSA-202009-08",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202009-08"
            },
            {
              "name": "[debian-lts-announce] 20200915 [SECURITY] [DLA 2374-1] gnome-shell security update",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2020:1861",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.7,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-03-26T14:46Z",
      "publishedDate": "2020-08-11T21:15Z"
    }
  }
}

cve-2020-17489

Vulnerability from osv_almalinux

Published

2022-05-10 06:28

Modified

2022-05-10 08:02

Summary

Low: gnome-shell security and bug fix update

Details

GNOME Shell acts as a compositing manager for the desktop, and displays both application windows and other objects. It provides core interface functions like switching windows, launching applications, and notifications. It takes advantage of the capabilities of modern graphics hardware and introduces innovative user interface concepts.

Security Fix(es):

gnome-shell: Password from logged-out user may be shown on login screen (CVE-2020-17489)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "gnome-shell"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.2-44.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "GNOME Shell acts as a compositing manager for the desktop, and displays both application windows and other objects. It provides core interface functions like switching windows, launching applications, and notifications. It takes advantage of the capabilities of modern graphics hardware and introduces innovative user interface concepts. \n\nSecurity Fix(es):\n\n* gnome-shell: Password from logged-out user may be shown on login screen (CVE-2020-17489)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2022:1814",
  "modified": "2022-05-10T08:02:28Z",
  "published": "2022-05-10T06:28:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2022-1814.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-17489"
    }
  ],
  "related": [
    "CVE-2020-17489"
  ],
  "summary": "Low: gnome-shell security and bug fix update"
}

GHSA-VFPJ-RCWJ-86VM

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-17489"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-11T21:15:00Z",
    "severity": "LOW"
  },
  "details": "An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)",
  "id": "GHSA-vfpj-rcwj-86vm",
  "modified": "2022-05-24T17:25:20Z",
  "published": "2022-05-24T17:25:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17489"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202009-08"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4464-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-17489 (GCVE-0-2020-17489)

CNVD-2020-48648

FKIE_CVE-2020-17489

GSD-2020-17489

cve-2020-17489

Vulnerability from osv_almalinux

GHSA-VFPJ-RCWJ-86VM

Tags

Sightings

Nomenclature