Information Disclosure in Shotwell Web Publishing Plugin by GNOME
CVE-2017-1000024

7.5HIGH

Key Information:

Vendor: Gnome
Status: Shotwell
Vendor: CVE Published:; 17 July 2017

Summary

Shotwell versions 0.24.4 and earlier, as well as 0.25.3 and earlier, are susceptible to an information disclosure vulnerability within their web publishing plugins. This flaw can lead to the transmission of sensitive data, such as passwords and OAuth tokens, in plaintext. Attackers could exploit this weakness to intercept confidential information, posing a significant risk to user privacy and data security.

References

https://mail.gnome.org/archives/shotwell-list/2017-Januar...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2017
Vulnerability Reserved
Jul 10, 2017