{"id":"CVE-2021-20315","details":"A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the \"Application menu\" or \"Window list\" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.","modified":"2026-04-10T04:29:18.385214Z","published":"2022-02-18T18:15:08.800Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2006285"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/gnome-shell","events":[{"introduced":"0"},{"fixed":"3a060d755dc2bee48883d39d3bf7ce79c4889e5d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.32.2"}]}}],"versions":["2.27.0","2.27.1","2.27.2","2.27.3","2.28.0","2.29.0","2.29.1","2.31.2","2.31.4","2.31.5","2.91.0","2.91.1","2.91.2","2.91.3","2.91.4","2.91.5","2.91.6","2.91.90","2.91.91","2.91.92","2.91.93","3.0.0","3.0.0.1","3.0.0.2","3.0.1","3.1.3","3.1.4","3.1.90","3.1.90.1","3.1.91","3.1.91.1","3.1.92","3.10.0","3.10.0.1","3.10.1","3.11.1","3.11.2","3.11.3","3.11.5","3.11.90","3.11.91","3.11.92","3.12.0","3.13.1","3.13.2","3.13.3","3.13.4","3.13.90","3.13.91","3.13.92","3.14.0","3.14.1","3.15.1","3.15.2","3.15.3","3.15.4","3.15.90","3.15.91","3.15.92","3.16.0","3.16.1","3.17.1","3.17.2","3.17.3","3.17.4","3.17.90","3.17.91","3.17.92","3.18.0","3.18.1","3.19.1","3.19.2","3.19.3","3.19.4","3.19.90","3.19.91","3.19.92","3.2.0","3.2.1","3.20.0","3.20.1","3.21.1","3.21.2","3.21.3","3.21.4","3.21.90","3.21.90.1","3.21.91","3.21.92","3.22.0","3.22.1","3.23.1","3.23.2","3.23.3","3.23.90","3.23.91","3.23.92","3.24.0","3.25.1","3.25.2","3.25.3","3.25.4","3.25.90","3.25.91","3.26.0","3.26.1","3.27.1","3.27.91","3.27.92","3.28.0","3.28.1","3.29.1","3.29.2","3.29.3","3.29.4","3.29.90","3.29.91","3.29.92","3.3.2","3.3.3","3.3.4","3.3.5","3.3.90","3.3.92","3.30.0","3.30.1","3.31.2","3.31.4","3.31.90","3.31.91","3.31.92","3.32.1","3.4.0","3.4.1","3.5.2","3.5.3","3.5.4","3.5.5","3.5.90","3.5.91","3.5.92","3.6.0","3.6.1","3.7.1","3.7.2","3.7.3","3.7.4","3.7.4.1","3.7.5","3.7.90","3.7.91","3.7.92","3.8.0","3.8.0.1","3.8.1","3.9.1","3.9.2","3.9.3","3.9.4","3.9.5","3.9.90","3.9.91","3.9.92"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20315.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}