CVE-2023-43090: 
NixOS vulnerability analysis and mitigation

A vulnerability (CVE-2023-43090) was discovered in GNOME Shell's lock screen functionality that allows an unauthenticated local user to view windows of the locked desktop session by exploiting keyboard shortcuts to unlock restricted functionality of the screenshot tool. The vulnerability affects GNOME Shell versions 42, 43 prior to 43.9, and 44 prior to 44.5. This security issue was discovered by Mickael Karatekin at SysDream (MITRE, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates a local attack vector, low attack complexity, low privileges required, no user interaction needed, unchanged scope, high confidentiality impact, and no impact on integrity or availability (NVD).

The vulnerability allows unauthorized access to potentially sensitive information displayed on the locked desktop session. An attacker with local access can bypass the lock screen's security measures to view windows that should be protected, potentially exposing confidential information (Red Hat CVE).

The vulnerability has been fixed in GNOME Shell versions 43.9 and 44.5. Users are advised to update to these or later versions to mitigate the security risk. Several distributions have also released security updates, including Ubuntu 23.04 and 23.10, and Debian bookworm (Ubuntu Security, Debian Security).