FKIE_CVE-2013-1799

Vulnerability from fkie_nvd - Published: 2013-04-02 03:23 - Updated: 2025-04-11 00:51
Severity ?
Summary
Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
secalert@redhat.comhttp://secunia.com/advisories/51976Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/52791Vendor Advisory
secalert@redhat.comhttp://ubuntu.com/usn/usn-1779-1
secalert@redhat.comhttps://bugzilla.gnome.org/show_bug.cgi?id=693214
secalert@redhat.comhttps://bugzilla.gnome.org/show_bug.cgi?id=695106
secalert@redhat.comhttps://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8
secalert@redhat.comhttps://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
secalert@redhat.comhttps://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51976Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/52791Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-1779-1
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.gnome.org/show_bug.cgi?id=693214
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.gnome.org/show_bug.cgi?id=695106
af854a3a-2127-422b-91ae-364da2661108https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8
af854a3a-2127-422b-91ae-364da2661108https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
af854a3a-2127-422b-91ae-364da2661108https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html
Impacted products
Vendor Product Version
gnome gnome_online_accounts 3.6.0
gnome gnome_online_accounts 3.6.1
gnome gnome_online_accounts 3.6.2
gnome gnome_online_accounts 3.7.1
gnome gnome_online_accounts 3.7.2
gnome gnome_online_accounts 3.7.3
gnome gnome_online_accounts 3.7.4
gnome gnome_online_accounts 3.7.90
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5971CF55-885F-4CED-8491-65DBCE785B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74804B4-06B7-4EBA-878B-8B000CFAF436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28FBF215-4BE8-445C-B90C-7AA26DF842E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "293EDD49-EECF-41B7-A57D-D7DDF958B31D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D28A7DA8-54A0-45AB-845C-74163353DAC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3427636E-5B7E-447E-8B94-34C3930E0E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2759201-0DBD-48A2-B8C1-7F145AADF747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "1345D6B2-AA1C-411F-91EC-35A807D0A1D7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.  NOTE: this issue exists because of an incomplete fix for CVE-2013-0240."
    },
    {
      "lang": "es",
      "value": "Gnome Online Accounts (GOA) 3.6.x anterior a 3.6.3 y 3.7.x anterior a 3.7.91, no valida adecuadamente los certificados SSL cuando crear cuentas para proveedores que utilizan la biblioteca libsoup, lo que permite a atacantes \"man-in-the-middle\", obtener informaci\u00f3n sensible como credenciales mediante la captura de tr\u00e1fico de red. NOTA: este problema existe ya que no se corrigi\u00f3 correctamente la vulnerabilidad CVE-2013-0240."
    }
  ],
  "evaluatorImpact": "Per http://www.ubuntu.com/usn/usn-1779-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n    Ubuntu 12.10\r\n    Ubuntu 12.04 LTS\r\n    Ubuntu 11.10\"\r\n",
  "id": "CVE-2013-1799",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-02T03:23:26.253",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51976"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52791"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ubuntu.com/usn/usn-1779-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=693214"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=695106"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ubuntu.com/usn/usn-1779-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=693214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=695106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.