Vulnerability Description
(1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Libsocialweb | <= 0.25.19 |
Related Weaknesses (CWE)
References
- http://git.gnome.org/browse/libsocialweb/commit/?id=0086bfbfc07345438123a87957e0 (Issue Tracking, Patch)
- http://git.gnome.org/browse/libsocialweb/commit/?id=8982cf504cf3767761fe85d9558b (Issue Tracking, Patch)
- http://www.openwall.com/lists/oss-security/2011/11/09/3 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2011/11/09/5 (Mailing List, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=752022 (Issue Tracking)
FAQ
What is CVE-2011-4129?
CVE-2011-4129 is a vulnerability with a CVSS score of 5.8 (MEDIUM). (1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might all...
How severe is CVE-2011-4129?
CVE-2011-4129 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-4129?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Libsocialweb.