CVE-2018-6017

Опубликовано: 24 янв. 2018

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.

Ссылки

https://www.checkmarx.com/2018/01/23/tinder-someone-may-watching-swipe-2/
Third Party Advisory
https://www.wired.com/story/tinder-lack-of-encryption-lets-strangers-spy-on-swipes/
Press/Media Coverage
Third Party Advisory
https://www.checkmarx.com/2018/01/23/tinder-someone-may-watching-swipe-2/
Third Party Advisory
https://www.wired.com/story/tinder-lack-of-encryption-lets-strangers-spy-on-swipes/
Press/Media Coverage
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tinder:tinder:-:*:*:*:*:iphone_os:*:*

Конфигурация 2

cpe:2.3:a:tinder:tinder:-:*:*:*:*:android:*:*

EPSS

Процентиль: 34%

0.00136

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-v8jp-7jrq-rg7x