Lucene search

MitreCVE-2020-17489

HistoryAug 11, 2020 - 9:15 p.m.

CVE-2020-17489

2020-08-1121:15:10

CWE-522

mitre

web.nvd.nist.gov

174

cve-2020-17489

gnome

gnome-shell

password visibility

security issue

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

44.8%

JSON

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)

Affected configurations

Nvd

Node

gnomegnome-shellRange≤3.36.4

Node

canonicalubuntu_linuxMatch20.04lts

debiandebian_linuxMatch9.0

opensuseleapMatch15.2

VendorProductVersionCPE
gnomegnome-shell*cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
opensuseleap15.2cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnome	gnome-shell	*	cpe:2.3:a:gnome:gnome-shell::::::::
canonical	ubuntu_linux	20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
opensuse	leap	15.2	cpe:2.3:o:opensuse:leap:15.2:::::::*