{"id":"CVE-2019-3820","details":"It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.","modified":"2026-04-10T04:18:06.165857Z","published":"2019-02-06T20:29:00.290Z","related":["SUSE-SU-2019:1390-1","SUSE-SU-2019:1459-1","openSUSE-SU-2019:1582-1","openSUSE-SU-2024:10797-1"],"references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3966-1/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00049.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/gnome-shell/issues/851"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/gnome-shell","events":[{"introduced":"0"},{"last_affected":"ad1970146066b10a0193fc151b991cc8b2bdfcf8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"42.3"}]}}],"versions":["2.27.0","2.27.1","2.27.2","2.27.3","2.28.0","2.29.0","2.29.1","2.31.2","2.31.4","2.31.5","2.91.0","2.91.1","2.91.2","2.91.3","2.91.4","2.91.5","2.91.6","2.91.90","2.91.91","2.91.92","2.91.93","3.0.0","3.0.0.1","3.0.0.2","3.0.1","3.1.3","3.1.4","3.1.90","3.1.90.1","3.1.91","3.1.91.1","3.1.92","3.10.0","3.10.0.1","3.10.1","3.11.1","3.11.2","3.11.3","3.11.5","3.11.90","3.11.91","3.11.92","3.12.0","3.13.1","3.13.2","3.13.3","3.13.4","3.13.90","3.13.91","3.13.92","3.14.0","3.14.1","3.15.1","3.15.2","3.15.3","3.15.4","3.15.90","3.15.91","3.15.92","3.16.0","3.16.1","3.17.1","3.17.2","3.17.3","3.17.4","3.17.90","3.17.91","3.17.92","3.18.0","3.18.1","3.19.1","3.19.2","3.19.3","3.19.4","3.19.90","3.19.91","3.19.92","3.2.0","3.2.1","3.20.0","3.20.1","3.21.1","3.21.2","3.21.3","3.21.4","3.21.90","3.21.90.1","3.21.91","3.21.92","3.22.0","3.22.1","3.23.1","3.23.2","3.23.3","3.23.90","3.23.91","3.23.92","3.24.0","3.25.1","3.25.2","3.25.3","3.25.4","3.25.90","3.25.91","3.26.0","3.26.1","3.27.1","3.27.91","3.27.92","3.28.0","3.28.1","3.29.1","3.29.2","3.29.3","3.29.4","3.29.90","3.29.91","3.29.92","3.3.2","3.3.3","3.3.4","3.3.5","3.3.90","3.3.92","3.30.0","3.30.1","3.31.2","3.31.4","3.31.90","3.31.91","3.31.92","3.32.1","3.33.1","3.33.2","3.33.3","3.33.4","3.33.90","3.33.91","3.33.92","3.34.0","3.34.1","3.35.1","3.35.2","3.35.3","3.35.91","3.35.92","3.36.0","3.37.1","3.37.2","3.37.3","3.37.90","3.37.91","3.37.92","3.38.0","3.38.1","3.4.0","3.4.1","3.5.2","3.5.3","3.5.4","3.5.5","3.5.90","3.5.91","3.5.92","3.6.0","3.6.1","3.7.1","3.7.2","3.7.3","3.7.4","3.7.4.1","3.7.5","3.7.90","3.7.91","3.7.92","3.8.0","3.8.0.1","3.8.1","3.9.1","3.9.2","3.9.3","3.9.4","3.9.5","3.9.90","3.9.91","3.9.92","40.0","40.1","40.alpha","40.alpha.1","40.alpha.1.1","40.beta","40.rc","41.0","41.beta","41.rc","41.rc.1","42.0","42.1","42.2","42.3","42.alpha","42.beta","42.rc"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3820.json","unresolved_ranges":[{"events":[{"introduced":"3.15.91"},{"fixed":"3.30.3"}]},{"events":[{"introduced":"3.31.0"},{"fixed":"3.31.5"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}