CVE-2013-7220

Severity

46%

Complexity

39%

Confidentiality

106%

Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"

js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.

Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

GNOME gnome-shell

First reported 10 years ago

2014-04-29 14:38:00

Last updated 10 years ago

2014-04-29 18:53:00

Affected Software

GNOME gnome-shell 3.0.0

3.0.0

GNOME gnome-shell 3.0.0.1

3.0.0.1

GNOME gnome-shell 3.0.0.2

3.0.0.2

GNOME gnome-shell 3.0.1

3.0.1

GNOME gnome-shell 3.0.2

3.0.2

GNOME gnome-shell 3.1.3

3.1.3

GNOME gnome-shell 3.1.4

3.1.4

GNOME gnome-shell 3.1.90

3.1.90

GNOME gnome-shell 3.1.90.1

3.1.90.1

GNOME gnome-shell 3.1.91

3.1.91

GNOME gnome-shell 3.1.91.1

3.1.91.1

GNOME gnome-shell 3.1.92

3.1.92

GNOME gnome-shell 3.2.0

3.2.0

GNOME gnome-shell 3.2.1

3.2.1

GNOME gnome-shell 3.2.2

3.2.2

GNOME gnome-shell 3.2.2.1

3.2.2.1

GNOME gnome-shell 3.3.2

3.3.2

GNOME gnome-shell 3.3.3

3.3.3

GNOME gnome-shell 3.3.5

3.3.5

GNOME gnome-shell 3.3.90

3.3.90

GNOME gnome-shell 3.3.91

3.3.91

GNOME gnome-shell 3.3.92

3.3.92

GNOME gnome-shell 3.4.0

3.4.0

GNOME gnome-shell 3.4.1

3.4.1

GNOME gnome-shell 3.4.2

3.4.2

GNOME gnome-shell 3.5.2

3.5.2

GNOME gnome-shell 3.5.3

3.5.3

GNOME gnome-shell 3.5.4

3.5.4

GNOME gnome-shell 3.5.90

3.5.90

GNOME gnome-shell 3.5.91

3.5.91

GNOME gnome-shell 3.5.92

3.5.92

GNOME gnome-shell 3.6.0

3.6.0

GNOME gnome-shell 3.6.1

3.6.1

GNOME gnome-shell 3.6.2

3.6.2

GNOME gnome-shell 3.6.3

3.6.3

GNOME gnome-shell 3.6.3.1

3.6.3.1

GNOME gnome-shell 3.7.1

3.7.1

GNOME gnome-shell 3.7.2

3.7.2

GNOME gnome-shell 3.7.2.1

3.7.2.1

GNOME gnome-shell 3.7.3

3.7.3

GNOME gnome-shell 3.7.3.1

3.7.3.1

GNOME gnome-shell 3.7.4

3.7.4

GNOME gnome-shell 3.7.4.1

3.7.4.1

GNOME gnome-shell 3.7.5

3.7.5

GNOME gnome-shell 3.7.91

3.7.91

References

[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues

[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues

[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues

https://bugzilla.gnome.org/show_bug.cgi?id=686740

https://bugzilla.redhat.com/show_bug.cgi?id=1030431

https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.