{"id":"CVE-2017-8288","details":"gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.","modified":"2026-04-16T06:21:21.191371364Z","published":"2017-04-27T00:59:00.350Z","related":["SUSE-SU-2017:2217-1","openSUSE-SU-2024:10797-1"],"references":[{"type":"ADVISORY","url":"https://github.com/EasyScreenCast/EasyScreenCast/issues/46"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98070"},{"type":"REPORT","url":"https://bugs.kali.org/view.php?id=2513"},{"type":"REPORT","url":"https://bugzilla.gnome.org/show_bug.cgi?id=781728"},{"type":"FIX","url":"https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/gnome-shell","events":[{"introduced":"0"},{"last_affected":"b66dff8aed161063b41d033774b0c5c95d6b0d86"},{"introduced":"0"},{"last_affected":"6ebabd50c624368a4cf91d04eb2ee6d7019424cf"},{"introduced":"0"},{"last_affected":"803406d601922610d220ed3ed1a859a70c731f26"},{"introduced":"0"},{"last_affected":"05a941050d1e9ded045a59285f3ebf301d810904"},{"introduced":"0"},{"last_affected":"7e803fdf236999ef9bce529f20aee37970cbcccb"},{"introduced":"0"},{"last_affected":"08a159d0d829d0d47e7e2a45a30455a10caec4d0"},{"introduced":"0"},{"last_affected":"e581e249ad6765f04ef5fab0e3752207fff78a28"},{"introduced":"0"},{"last_affected":"fbc60199bc67de9cdabcb123802142f2ba9e0a5b"},{"introduced":"0"},{"last_affected":"adc811ff8f60dce5936bb1b20462c50d6e8c1a79"},{"introduced":"0"},{"last_affected":"3b7a4b08e2dec9ca5e76419e678b20c39b69ac79"},{"introduced":"0"},{"last_affected":"577e261d1a19ad734e34f71e930c8d079234b066"},{"introduced":"0"},{"last_affected":"22131d99ad7e3d80ea69be1dadcd8fbb12cdc8b6"},{"fixed":"ff425d1db7082e2755d2a405af53861552acf2a1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.22.0"},{"introduced":"0"},{"last_affected":"3.22.1"},{"introduced":"0"},{"last_affected":"3.22.2"},{"introduced":"0"},{"last_affected":"3.22.3"},{"introduced":"0"},{"last_affected":"3.23.1"},{"introduced":"0"},{"last_affected":"3.23.2"},{"introduced":"0"},{"last_affected":"3.23.3"},{"introduced":"0"},{"last_affected":"3.23.90"},{"introduced":"0"},{"last_affected":"3.23.91"},{"introduced":"0"},{"last_affected":"3.23.92"},{"introduced":"0"},{"last_affected":"3.24.0"},{"introduced":"0"},{"last_affected":"3.24.1"}]}}],"versions":["2.27.0","2.27.1","2.27.2","2.27.3","2.28.0","2.29.0","2.29.1","2.31.2","2.31.4","2.31.5","2.91.0","2.91.1","2.91.2","2.91.3","2.91.4","2.91.5","2.91.6","2.91.90","2.91.91","2.91.92","2.91.93","3.0.0","3.0.0.1","3.0.0.2","3.0.1","3.1.3","3.1.4","3.1.90","3.1.90.1","3.1.91","3.1.91.1","3.1.92","3.10.0","3.10.0.1","3.10.1","3.11.1","3.11.2","3.11.3","3.11.5","3.11.90","3.11.91","3.11.92","3.12.0","3.13.1","3.13.2","3.13.3","3.13.4","3.13.90","3.13.91","3.13.92","3.14.0","3.14.1","3.15.1","3.15.2","3.15.3","3.15.4","3.15.90","3.15.91","3.15.92","3.16.0","3.16.1","3.17.1","3.17.2","3.17.3","3.17.4","3.17.90","3.17.91","3.17.92","3.18.0","3.18.1","3.19.1","3.19.2","3.19.3","3.19.4","3.19.90","3.19.91","3.19.92","3.2.0","3.2.1","3.20.0","3.20.1","3.21.1","3.21.2","3.21.3","3.21.4","3.21.90","3.21.90.1","3.21.91","3.21.92","3.22.0","3.22.1","3.22.2","3.22.3","3.23.1","3.23.2","3.23.3","3.23.90","3.23.91","3.23.92","3.24.0","3.24.1","3.3.2","3.3.3","3.3.4","3.3.5","3.3.90","3.3.92","3.4.0","3.4.1","3.5.2","3.5.3","3.5.4","3.5.5","3.5.90","3.5.91","3.5.92","3.6.0","3.6.1","3.7.1","3.7.2","3.7.3","3.7.4","3.7.4.1","3.7.5","3.7.90","3.7.91","3.7.92","3.8.0","3.8.0.1","3.8.1","3.9.1","3.9.2","3.9.3","3.9.4","3.9.5","3.9.90","3.9.91","3.9.92"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8288.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}