PT-2017-10734 · Gnome+2 · Shotwell+2

Jens Georg

Publicado

2017-07-13

Atualizado

2019-10-03

CVE-2017-1000024

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Shotwell versions 0.24.4 or earlier Shotwell versions 0.25.3 or earlier

Description The issue concerns an information disclosure in the web publishing plugins of Shotwell, potentially resulting in the plaintext transmission of passwords and oauth tokens.

Recommendations For Shotwell versions 0.24.4 or earlier, update to a version later than 0.24.4 to resolve the issue. For Shotwell versions 0.25.3 or earlier, update to a version later than 0.25.3 to resolve the issue.

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319

Identificadores relacionados

CVE-2017-1000024

MGASA-2017-0480

SUSE-SU-2018:0637-1

SUSE-SU-2018_0637-1

USN-3379-1

Produtos afetados

Shotwell

Suse

Ubuntu

PT-2017-10734 · Gnome+2 · Shotwell+2

CVE-2017-1000024

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 22