10

CVE-2011-2344

EPSS 1.88%
Veröffentlicht 08.07.2011 17:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version2.1

Google ≫ Android Version2.2

Google ≫ Android Version2.2 Updaterev1

Google ≫ Android Version2.2.1

Google ≫ Android Version2.2.2

Google ≫ Android Version2.3 Updaterev1

Google ≫ Android Version2.3.3

Google ≫ Android Version2.3.4

Google ≫ Android Version3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.88%	0.824

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=7a763db1c15bb6436be85a3f23382e4171970b6e

http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=9a418de454e5ce078c98f41b5c18e3bb9175bd20

http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html

https://nvd.nist.gov/vuln/detail/CVE-2011-2344

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2344

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2344

EUVD