4.3

CVE-2013-0240

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeGnome Online Accounts Version3.4.0
GnomeGnome Online Accounts Version3.4.1
GnomeGnome Online Accounts Version3.6.0
GnomeGnome Online Accounts Version3.6.1
GnomeGnome Online Accounts Version3.6.2
GnomeGnome Online Accounts Version3.7.1
GnomeGnome Online Accounts Version3.7.2
GnomeGnome Online Accounts Version3.7.3
GnomeGnome Online Accounts Version3.7.4
CanonicalUbuntu Linux Version11.10
CanonicalUbuntu Linux Version12.04 Update- Editionlts
CanonicalUbuntu Linux Version12.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.36% 0.682
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
http://secunia.com/advisories/51976
Vendor Advisory
http://secunia.com/advisories/52791
Vendor Advisory
http://ubuntu.com/usn/usn-1779-1
https://bugzilla.gnome.org/show_bug.cgi?id=693214
https://bugzilla.redhat.com/show_bug.cgi?id=894352
https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html