5.8
CVE-2012-4511
- EPSS 1.82%
- Veröffentlicht 22.10.2012 23:55:07
- Zuletzt bearbeitet 16.06.2026 23:45:14
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gnome ≫ Libsocialweb Version <= 0.25.20
Gnome ≫ Libsocialweb Version0.25.0
Gnome ≫ Libsocialweb Version0.25.1
Gnome ≫ Libsocialweb Version0.25.2
Gnome ≫ Libsocialweb Version0.25.3
Gnome ≫ Libsocialweb Version0.25.4
Gnome ≫ Libsocialweb Version0.25.5
Gnome ≫ Libsocialweb Version0.25.6
Gnome ≫ Libsocialweb Version0.25.7
Gnome ≫ Libsocialweb Version0.25.8
Gnome ≫ Libsocialweb Version0.25.9
Gnome ≫ Libsocialweb Version0.25.10
Gnome ≫ Libsocialweb Version0.25.11
Gnome ≫ Libsocialweb Version0.25.12
Gnome ≫ Libsocialweb Version0.25.13
Gnome ≫ Libsocialweb Version0.25.14
Gnome ≫ Libsocialweb Version0.25.15
Gnome ≫ Libsocialweb Version0.25.16
Gnome ≫ Libsocialweb Version0.25.17
Gnome ≫ Libsocialweb Version0.25.18
Gnome ≫ Libsocialweb Version0.25.19
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.82% | 0.759 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://git.gnome.org/browse/libsocialweb/commit/?id=8c28ae1d5db5529020652cee3700c75341625503
http://www.openwall.com/lists/oss-security/2012/10/10/10
http://www.openwall.com/lists/oss-security/2012/10/11/1
http://www.openwall.com/lists/oss-security/2012/10/23/5
https://bugzilla.redhat.com/show_bug.cgi?id=863206