CVE-2015-3213

Published: Aug 12, 2015Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures.

Affected (1)

Products: Clutter Project: Clutter

Clutter Project

1 product

Clutter

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Clutter Project Clutter	Up to 1.16.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (10)

http://rhn.redhat.com/errata/RHSA-2015-1510.html

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.gnome.org/show_bug.cgi?id=710227

Source: secalert@redhat.com

https://bugzilla.gnome.org/show_bug.cgi?id=749847

Source: secalert@redhat.com

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=1227098

Source: secalert@redhat.com

https://git.gnome.org/browse/clutter/commit/?h=clutter-1.18&id=97724939c8de004d7fa230f3ff64862d957f93a9

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1510.html