Information Disclosure in Shotwell Web Publishing Plugin by GNOME
CVE-2017-1000024

7.5HIGH

Key Information:

Vendor: Gnome
Status: Shotwell
Vendor: CVE Published:; 17 July 2017

What is CVE-2017-1000024?

Shotwell versions 0.24.4 and earlier, as well as 0.25.3 and earlier, are susceptible to an information disclosure vulnerability within their web publishing plugins. This flaw can lead to the transmission of sensitive data, such as passwords and OAuth tokens, in plaintext. Attackers could exploit this weakness to intercept confidential information, posing a significant risk to user privacy and data security.

References

https://mail.gnome.org/archives/shotwell-list/2017-Januar...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2017
Vulnerability Reserved
Jul 10, 2017

JSON

Gnome

What is CVE-2017-1000024?

References

CVSS V3.1

Timeline