CVE-2018-20681

low-risk

Published 2019-01-09

mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse.

Do I need to act?

0.16% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

PHYSICAL / LOW complexity

Affected Products (1)

Mate-Screensaver

Affected Vendors

Mate-Desktop

References (8)

Exploit https://github.com/mate-desktop/mate-screensaver/issues/152

Exploit https://github.com/mate-desktop/mate-screensaver/issues/155

Third Party Advisory https://github.com/mate-desktop/mate-screensaver/issues/170

Patch https://github.com/mate-desktop/mate-screensaver/pull/167

Exploit https://github.com/mate-desktop/mate-screensaver/issues/152

Exploit https://github.com/mate-desktop/mate-screensaver/issues/155

Third Party Advisory https://github.com/mate-desktop/mate-screensaver/issues/170

Patch https://github.com/mate-desktop/mate-screensaver/pull/167

/ 100

low-risk

Severity 20/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal