{"api_version":"1","generated_at":"2026-04-23T02:14:24+00:00","cve":"CVE-2020-17489","urls":{"html":"https://cve.report/CVE-2020-17489","api":"https://cve.report/api/cve/CVE-2020-17489.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-17489","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-17489"},"summary":{"title":"CVE-2020-17489","description":"An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-08-11 21:15:00","updated_at":"2021-03-26 14:46:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"https://usn.ubuntu.com/4464-1/","name":"USN-4464-1","refsource":"UBUNTU","tags":[],"title":"USN-4464-1: GNOME Shell vulnerability | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202009-08","name":"GLSA-202009-08","refsource":"GENTOO","tags":[],"title":"GNOME Shell: Information disclosure (GLSA 202009-08) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html","name":"[debian-lts-announce] 20200915 [SECURITY] [DLA 2374-1] gnome-shell security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2374-1] gnome-shell security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997","name":"https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997","refsource":"MISC","tags":["Exploit","Patch","Vendor Advisory"],"title":"User Password is Visible on Logout (#2997) · Issues · GNOME / gnome-shell · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html","name":"openSUSE-SU-2020:1861","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:1861-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-17489","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17489","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"17489","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"20.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"17489","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"17489","vulnerable":"1","versionEndIncluding":"3.36.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"gnome-shell","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"17489","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-17489","qid":"161226","title":"Oracle Enterprise Linux Security Update for gnome-shell (ELSA-2022-1814)"},{"cve":"CVE-2020-17489","qid":"240277","title":"Red Hat Update for gnome-shell (RHSA-2022:1814)"},{"cve":"CVE-2020-17489","qid":"296071","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 27.82.1 Missing (CPUOCT2020)"},{"cve":"CVE-2020-17489","qid":"500971","title":"Alpine Linux Security Update for gnome-shell"},{"cve":"CVE-2020-17489","qid":"940535","title":"AlmaLinux Security Update for gnome-shell (ALSA-2022:1814)"},{"cve":"CVE-2020-17489","qid":"960301","title":"Rocky Linux Security Update for gnome-shell (RLSA-2022:1814)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-17489","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997","refsource":"MISC","name":"https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997"},{"refsource":"UBUNTU","name":"USN-4464-1","url":"https://usn.ubuntu.com/4464-1/"},{"refsource":"GENTOO","name":"GLSA-202009-08","url":"https://security.gentoo.org/glsa/202009-08"},{"refsource":"MLIST","name":"[debian-lts-announce] 20200915 [SECURITY] [DLA 2374-1] gnome-shell security update","url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1861","url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html"}]}},"nvd":{"publishedDate":"2020-08-11 21:15:00","lastModifiedDate":"2021-03-26 14:46:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.7,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":1.9},"severity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnome:gnome-shell:*:*:*:*:*:*:*:*","versionEndIncluding":"3.36.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"17489","Ordinal":"178898","Title":"CVE-2020-17489","CVE":"CVE-2020-17489","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"17489","Ordinal":"1","NoteData":"An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)","Type":"Description","Title":null},{"CveYear":"2020","CveId":"17489","Ordinal":"2","NoteData":"2020-08-11","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"17489","Ordinal":"3","NoteData":"2020-11-07","Type":"Other","Title":"Modified"}]}}}