Search
Find a vulnerability
Search criteria
4 vulnerabilities found for shotwell by gnome
CVE-2017-1000024 (GCVE-0-2017-1000024)
Vulnerability from nvd – Published: 2017-07-13 20:00 – Updated: 2024-08-05 21:53
VLAI
EPSS
VEX
Summary
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://mail.gnome.org/archives/shotwell-list/201… | mailing-listx_refsource_MLIST |
Date Public
2017-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[shotwell] 20170131 ATTENTION! Shotwell 0.24.5 and 0.25.4 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-05-06T00:00:00.000Z",
"datePublic": "2017-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[shotwell] 20170131 ATTENTION! Shotwell 0.24.5 and 0.25.4 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.274364",
"ID": "CVE-2017-1000024",
"REQUESTER": "mail@jensge.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[shotwell] 20170131 ATTENTION! Shotwell 0.24.5 and 0.25.4 released",
"refsource": "MLIST",
"url": "https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000024",
"datePublished": "2017-07-13T20:00:00.000Z",
"dateReserved": "2017-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:53:06.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1000033 (GCVE-0-2016-1000033)
Vulnerability from nvd – Published: 2016-10-25 14:00 – Updated: 2024-08-06 03:47
VLAI
EPSS
VEX
Summary
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.gnome.org/show_bug.cgi?id=754488 | x_refsource_MISC |
Date Public
2016-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:34.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=754488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-25T11:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=754488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=754488",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=754488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1000033",
"datePublished": "2016-10-25T14:00:00.000Z",
"dateReserved": "2016-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:47:34.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000024 (GCVE-0-2017-1000024)
Vulnerability from cvelistv5 – Published: 2017-07-13 20:00 – Updated: 2024-08-05 21:53
VLAI
EPSS
VEX
Summary
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://mail.gnome.org/archives/shotwell-list/201… | mailing-listx_refsource_MLIST |
Date Public
2017-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[shotwell] 20170131 ATTENTION! Shotwell 0.24.5 and 0.25.4 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-05-06T00:00:00.000Z",
"datePublic": "2017-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[shotwell] 20170131 ATTENTION! Shotwell 0.24.5 and 0.25.4 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.274364",
"ID": "CVE-2017-1000024",
"REQUESTER": "mail@jensge.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[shotwell] 20170131 ATTENTION! Shotwell 0.24.5 and 0.25.4 released",
"refsource": "MLIST",
"url": "https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000024",
"datePublished": "2017-07-13T20:00:00.000Z",
"dateReserved": "2017-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:53:06.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1000033 (GCVE-0-2016-1000033)
Vulnerability from cvelistv5 – Published: 2016-10-25 14:00 – Updated: 2024-08-06 03:47
VLAI
EPSS
VEX
Summary
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.gnome.org/show_bug.cgi?id=754488 | x_refsource_MISC |
Date Public
2016-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:34.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=754488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-25T11:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=754488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=754488",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=754488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1000033",
"datePublished": "2016-10-25T14:00:00.000Z",
"dateReserved": "2016-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:47:34.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}