Vulnerability Description
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Shotwell | >= 0.24.0, <= 0.24.4 |
Related Weaknesses (CWE)
References
- https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.htmlMailing ListVendor Advisory
- https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.htmlMailing ListVendor Advisory
FAQ
What is CVE-2017-1000024?
CVE-2017-1000024 is a vulnerability with a CVSS score of 7.5 (HIGH). Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission
How severe is CVE-2017-1000024?
CVE-2017-1000024 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-1000024?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Shotwell.