6.4 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
43.3%
Severity: High
Date : 2019-03-03
CVE-ID : CVE-2019-3820 CVE-2019-3825
Package : gdm
Type : access restriction bypass
Remote : No
Link : https://security.archlinux.org/AVG-879
The package gdm before version 3.30.3-1 is vulnerable to access
restriction bypass.
Upgrade to 3.30.3-1.
The problems have been fixed upstream in version 3.30.3.
None.
A partial screen lock bypass via keybindings has been found in gdm <=
3.30.2, allowing a local attacker to unlock a session under certain
circumstances.
An issue has been found in gdm <= 3.30.2, allowing a local attacker
with valid credentials to unlock the session for a different user than
their own.
A local attacker can unlock session if they have other valid
credentials, or under certain circumstances.
https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825
https://gitlab.gnome.org/GNOME/gdm/issues/460
https://security.archlinux.org/CVE-2019-3820
https://security.archlinux.org/CVE-2019-3825
6.4 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
43.3%