CVE-2020-17489

{"id": "CVE-2020-17489", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.7}]}, "published": "2020-08-11T21:15:10.837", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202009-08", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4464-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202009-08", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/4464-1/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)"}, {"lang": "es", "value": "Se detect\u00f3 un problema en determinadas configuraciones de GNOME gnome-shell versiones hasta 3.36.4. Cuando se cierra la sesi\u00f3n de una cuenta, el cuadro de contrase\u00f1a a partir del cuadro de di\u00e1logo de inicio de sesi\u00f3n vuelve a aparecer con la contrase\u00f1a a\u00fan visible. Si el usuario ha decidido que la contrase\u00f1a se muestre en texto sin cifrar en el momento del inicio de sesi\u00f3n, estar\u00e1 visible durante un breve momento al cerrar la sesi\u00f3n. (Si la contrase\u00f1a nunca se mostr\u00f3 en texto sin cifrar, solo la longitud de la contrase\u00f1a es revelada)"}], "lastModified": "2024-11-21T05:08:13.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E93A336-4ABA-4C22-BB51-ACDD7F43397C", "versionEndIncluding": "3.36.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}