exploitDog

CVE-2019-12171

Опубликовано: 08 июл. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 4.3

EPSS Низкий

Описание

Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.

Ссылки

https://drive.google.com/open?id=1DCGurwRTu0HsUpTglVR0jgItZNqqDm_5
Exploit
Third Party Advisory
https://drive.google.com/open?id=1msz6pb08crPC0VT7s_Z_KTsKm9CbLJEXNsmRwzoNLy8
Exploit
Third Party Advisory
https://drive.google.com/open?id=1DCGurwRTu0HsUpTglVR0jgItZNqqDm_5
Exploit
Third Party Advisory
https://drive.google.com/open?id=1msz6pb08crPC0VT7s_Z_KTsKm9CbLJEXNsmRwzoNLy8
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dropbox:dropbox:71.4.108.0:*:*:*:*:desktop:*:*

EPSS

Процентиль: 31%

0.00119

Низкий

7.8 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-312

Связанные уязвимости

GHSA-8cqx-ghph-934c

github

больше 3 лет назад

Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.

EPSS

Процентиль: 31%

0.00119

Низкий

7.8 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-312