{"id":"CVE-2017-8900","details":"LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.","modified":"2026-04-10T04:01:19.898808Z","published":"2017-05-12T07:29:00.233Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98554"},{"type":"FIX","url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html"},{"type":"FIX","url":"https://www.ubuntu.com/usn/usn-3285-1/"},{"type":"FIX","url":"https://launchpad.net/bugs/1663157"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/canonical/lightdm","events":[{"introduced":"0"},{"last_affected":"86c6734caf7dc2be62a2376e9b1c8a704b681875"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.22.0"}]}}],"versions":["1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.10.0","1.11.0","1.11.1","1.11.2","1.11.3","1.11.4","1.11.5","1.11.6","1.11.7","1.11.8","1.11.9","1.12.0","1.13.0","1.13.1","1.13.2","1.14.0","1.14.0-0ubuntu2","1.15.0","1.15.1","1.15.2","1.15.3","1.16.0","1.17.0","1.17.1","1.17.2","1.17.3","1.17.4","1.17.5","1.17.5-0ubuntu2","1.17.6","1.18.0","1.19.0","1.19.1","1.19.2","1.19.3","1.19.4","1.19.5","1.2.0","1.2.1","1.20.0","1.20.0-0ubuntu2","1.21.0","1.21.1","1.21.1-0ubuntu2","1.21.2","1.21.3","1.21.4","1.21.5","1.22.0","1.3.1","1.3.2","1.3.3","1.4.0","1.5.0","1.5.1","1.5.2","1.5.3","1.6.0","1.7.0","1.7.1","1.7.10","1.7.11","1.7.12","1.7.13","1.7.14","1.7.15","1.7.15-0ubuntu1","1.7.16","1.7.17","1.7.18","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.7.8","1.7.9","1.8.0","1.9.0","1.9.1","1.9.10","1.9.11","1.9.12","1.9.13","1.9.14","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","1.9.6-0ubuntu4","1.9.7","1.9.8","1.9.9","lightdm-0.0.1","lightdm-0.0.2","lightdm-0.0.3","lightdm-0.0.4","lightdm-0.1.0","lightdm-0.1.1","lightdm-0.1.2","lightdm-0.2.0","lightdm-0.2.1","lightdm-0.2.2","lightdm-0.2.3","lightdm-0.3.0","lightdm-0.3.1","lightdm-0.3.2","lightdm-0.3.3","lightdm-0.3.4","lightdm-0.3.5","lightdm-0.3.6","lightdm-0.3.7","lightdm-0.4.0","lightdm-0.4.1","lightdm-0.4.2","lightdm-0.4.3","lightdm-0.4.3.real","lightdm-0.4.4","lightdm-0.9.0","lightdm-0.9.1","lightdm-0.9.3","lightdm-0.9.4","lightdm-0.9.5","lightdm-0.9.6","lightdm-0.9.7","lightdm-0.9.8","lightdm-1.0.0","lightdm-1.1.0","lightdm-1.1.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8900.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}