PT-2017-18261 · Gnome · Gnome Shell
Emilio Pozuelo Monfort · Published 2017-04-27 · Updated 2024-10-03
CVE-2017-8288
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
gnome-shell versions 3.22 through 3.24.1
Description
The issue arises from the mishandling of extensions that fail to reload, potentially leaving them enabled on the lock screen. This could allow a bystander to launch applications, although interaction with them would be restricted. Additionally, information from the extensions could be visible, such as open applications or music being played. In some cases, it might even be possible to execute arbitrary commands, depending on the extensions a user has enabled. The problem stems from a lack of exception handling in the js/ui/extensionSystem.js file.
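The failure mode described above, as an added example that is not gnome-shell's own code: a simplified model in which one extension throws while extensions are being disabled for the lock screen. All names here (`makeExtension`, `disableAllUnguarded`, `disableAllGuarded`, the sample UUIDs) are hypothetical.

```javascript
// Simplified model (hypothetical names; not taken from js/ui/extensionSystem.js).
function makeExtension(uuid, failOnDisable = false) {
  return {
    uuid,
    state: 'ENABLED',
    disable() {
      if (failOnDisable) throw new Error(`${uuid}: disable() failed`);
      this.state = 'DISABLED';
    },
  };
}

// Constructed sample: the second extension fails while being disabled.
function sampleExtensions() {
  return [
    makeExtension('clock@example'),
    makeExtension('broken@example', true),
    makeExtension('launcher@example'),
  ];
}

// Without exception handling: the first throw aborts the loop,
// so every extension after the failing one is never disabled.
function disableAllUnguarded(extensions) {
  for (const ext of extensions) ext.disable();
}

// With exception handling: each call is isolated, the failing extension
// is moved to an ERROR state, and the loop continues with the rest.
function disableAllGuarded(extensions) {
  for (const ext of extensions) {
    try {
      ext.disable();
    } catch (e) {
      ext.state = 'ERROR';
    }
  }
}

// The session locks either way; report what is still enabled afterwards.
function stillEnabledAfterLock(disableAll, extensions) {
  try { disableAll(extensions); } catch (e) { /* cleanup was interrupted */ }
  return extensions.filter((x) => x.state === 'ENABLED').map((x) => x.uuid);
}

console.log('unguarded:', stillEnabledAfterLock(disableAllUnguarded, sampleExtensions()));
console.log('guarded:  ', stillEnabledAfterLock(disableAllGuarded, sampleExtensions()));
```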
Recommendations
For gnome-shell versions 3.22 through 3.24.1, consider disabling extensions that could pose a risk until a proper fix is applied, especially those that could execute arbitrary commands or reveal sensitive information. As a temporary workaround, restrict access to the lock screen to minimize the risk of exploitation.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Suse
Ubuntu
Gnome Shell