CVE-2020-17489
Summary
| CVE | CVE-2020-17489 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-08-11 21:15:00 UTC |
|---|
| Updated | 2021-03-26 14:46:00 UTC |
|---|
| Description | An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| USN-4464-1: GNOME Shell vulnerability | Ubuntu security notices | Ubuntu |
UBUNTU |
usn.ubuntu.com |
|
| GNOME Shell: Information disclosure (GLSA 202009-08) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| [SECURITY] [DLA 2374-1] gnome-shell security update |
MLIST |
lists.debian.org |
|
| User Password is Visible on Logout (#2997) · Issues · GNOME / gnome-shell · GitLab |
MISC |
gitlab.gnome.org |
Exploit, Patch, Vendor Advisory |
| [security-announce] openSUSE-SU-2020:1861-1: moderate: Security update f |
SUSE |
lists.opensuse.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161226 Oracle Enterprise Linux Security Update for gnome-shell (ELSA-2022-1814)
- 240277 Red Hat Update for gnome-shell (RHSA-2022:1814)
- 296071 Oracle Solaris 11.4 Support Repository Update (SRU) 27.82.1 Missing (CPUOCT2020)
- 500971 Alpine Linux Security Update for gnome-shell
- 940535 AlmaLinux Security Update for gnome-shell (ALSA-2022:1814)
- 960301 Rocky Linux Security Update for gnome-shell (RLSA-2022:1814)
