OpenCVE

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Gnome	Gnome Online Accounts

Configuration 1 [-]

OR	cpe:2.3:a:gnome:gnome_online_accounts:3.4.0:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.4.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
http://secunia.com/advisories/51976
http://secunia.com/advisories/52791
http://ubuntu.com/usn/usn-1779-1
https://bugzilla.gnome.org/show_bug.cgi?id=693214
https://bugzilla.redhat.com/show_bug.cgi?id=894352
https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-03-28T17:00:00Z

Updated: 2024-08-06T14:18:09.872Z

Reserved: 2012-12-06T00:00:00Z

Link: CVE-2013-0240

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-04-02T03:22:21.037

Modified: 2024-11-21T01:47:08.230

Link: CVE-2013-0240

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object