{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-12-20T00:00:00", "descriptions": [{"lang": "en", "value": "Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-20T19:31:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://pidgin.im/pipermail/devel/2011-December/010521.html"}, {"tags": ["x_refsource_MISC"], "url": "http://developer.pidgin.im/ticket/14830"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1257", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://pidgin.im/pipermail/devel/2011-December/010521.html", "refsource": "MISC", "url": "http://pidgin.im/pipermail/devel/2011-December/010521.html"}, {"name": "http://developer.pidgin.im/ticket/14830", "refsource": "MISC", "url": "http://developer.pidgin.im/ticket/14830"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:53:36.925Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://pidgin.im/pipermail/devel/2011-December/010521.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://developer.pidgin.im/ticket/14830"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1257", "datePublished": "2019-11-20T19:31:13", "dateReserved": "2012-02-21T00:00:00", "dateUpdated": "2024-08-06T18:53:36.925Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1337152-04D4-4439-8F49-B6BCE271A3AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor."}, {"lang": "es", "value": "Pidgin versi\u00f3n 2.10.0, usa DBUS para ciertas comunicaciones de texto sin cifrar, lo que permite a usuarios locales obtener informaci\u00f3n confidencial por medio de un monitor de sesi\u00f3n dbus."}], "id": "CVE-2012-1257", "lastModified": "2019-11-21T15:05:31.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-20T20:15:10.877", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://developer.pidgin.im/ticket/14830"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://pidgin.im/pipermail/devel/2011-December/010521.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "pidgin: libpurple no way to restrict \"private\" messages from being sent over session dbus", "id": "798279", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798279"}, "csaw": false, "cvss": {"cvss_base_score": "1.2", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor."], "name": "CVE-2012-1257", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "pidgin", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "pidgin", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "pidgin", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2011-12-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-1257\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-1257"], "statement": "The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}