Описание
Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:tapbots:tweetbot:1.3.3:-:*:*:*:mac:*:*
cpe:2.3:a:tapbots:tweetbot:2.8.5:-:*:*:*:ipad:*:*
cpe:2.3:a:tapbots:tweetbot:2.8.5:-:*:*:*:iphone:*:*
EPSS
Процентиль: 52%
0.00292
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
EPSS
Процентиль: 52%
0.00292
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352