CVE-2012-1257 — MEDIUM (5.5)

Vulnerability Description

Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Pidgin	Pidgin	2.10.0

Related Weaknesses (CWE)

CWE-319

References

http://developer.pidgin.im/ticket/14830Vendor Advisory
http://pidgin.im/pipermail/devel/2011-December/010521.htmlVendor Advisory
http://developer.pidgin.im/ticket/14830Vendor Advisory
http://pidgin.im/pipermail/devel/2011-December/010521.htmlVendor Advisory

FAQ

What is CVE-2012-1257?

CVE-2012-1257 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.

How severe is CVE-2012-1257?

CVE-2012-1257 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-1257?

Check the references section above for vendor advisories and patch information. Affected products include: Pidgin Pidgin.