CVE-2023-50977

Name of the Vulnerable Software and Affected Versions GNOME Shell versions through 45.2

Description The issue allows for unauthenticated remote code execution by intercepting two DNS requests, specifically the GNOME Network Manager and GNOME Shell Portal Helper connectivity checks, and responding with attacker-specific IP addresses. This causes the GNOME Captive Portal to launch via a WebKitGTK browser, which can run JavaScript code inside a sandbox. Note that the vendor considers this behavior intended, as the JavaScript code runs inside a sandbox.

Recommendations For GNOME Shell versions through 45.2, consider restricting the use of the WebKitGTK browser or disabling the GNOME Captive Portal feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.