PT-2017-10734 · Gnome+2 · Shotwell+2

Jens Georg

Published

2017-07-13

Updated

2019-10-03

CVE-2017-1000024

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Shotwell versions 0.24.4 or earlier Shotwell versions 0.25.3 or earlier

Description The issue concerns an information disclosure in the web publishing plugins of Shotwell, potentially resulting in the plaintext transmission of passwords and oauth tokens.

Recommendations For Shotwell versions 0.24.4 or earlier, update to a version later than 0.24.4 to resolve the issue. For Shotwell versions 0.25.3 or earlier, update to a version later than 0.25.3 to resolve the issue.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2017-1000024

MGASA-2017-0480

SUSE-SU-2018:0637-1

SUSE-SU-2018_0637-1

USN-3379-1

Affected Products

Shotwell

Suse

Ubuntu

PT-2017-10734 · Gnome+2 · Shotwell+2

CVE-2017-1000024

Weakness Enumeration

Related Identifiers

Affected Products

References · 22