4.3

CVE-2013-1799

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.  NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeGnome Online Accounts Version3.6.0
GnomeGnome Online Accounts Version3.6.1
GnomeGnome Online Accounts Version3.6.2
GnomeGnome Online Accounts Version3.7.1
GnomeGnome Online Accounts Version3.7.2
GnomeGnome Online Accounts Version3.7.3
GnomeGnome Online Accounts Version3.7.4
GnomeGnome Online Accounts Version3.7.90
CanonicalUbuntu Linux Version11.10
CanonicalUbuntu Linux Version12.04 Update- Editionlts
CanonicalUbuntu Linux Version12.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.03% 0.591
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
http://secunia.com/advisories/51976
Vendor Advisory
http://secunia.com/advisories/52791
Vendor Advisory
http://ubuntu.com/usn/usn-1779-1
https://bugzilla.gnome.org/show_bug.cgi?id=693214
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
https://bugzilla.gnome.org/show_bug.cgi?id=695106
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html