CVE-2018-20681

Summary

CVE	CVE-2018-20681
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-01-09 23:29:00 UTC
Updated	2019-01-30 14:02:00 UTC
Description	mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mate-desktop	Mate-screensaver	All	All	All	All
Application	Mate-desktop	Mate-screensaver	All	All	All	All

References

Reference	Source	Link	Tags
Lock Screen not working after monitor plugged / unplugged (need to restart mate-screensaver) · Issue #170 · mate-desktop/mate-screensaver · GitHub	MISC	github.com	Third Party Advisory
mate-screensaver screen lock can be bypassed by power cycling monitor [$110] · Issue #155 · mate-desktop/mate-screensaver · GitHub	MISC	github.com	Exploit, Third Party Advisory
mate-screensaver does not maintain user lockout / screen lock under certain conditions · Issue #152 · mate-desktop/mate-screensaver · GitHub	MISC	github.com	Exploit, Patch, Third Party Advisory
Fix-up 5d4416a to solve lock by-passing by XRevan86 · Pull Request #167 · mate-desktop/mate-screensaver · GitHub	MISC	github.com	Patch, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.