Description
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an end-of-life product.
References
- Third Party Advisory
- Third Party Advisory
- https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_TwitterKit_for_iOS_CVE-2019-16263.pdf (Exploit, Third Party Advisory)
Vulnerable configurations
Configuration 1: versions up to and including 3.4.2
cpe:2.3:a:twitter:twitter_kit:*:*:*:*:*:iphone_os:*:*
EPSS
Percentile: 42%
0.00204
Low
CVSS3: 7.4 High
CVSS2: 5.8 Medium
Weaknesses
CWE-295
Related vulnerabilities
CVSS3: 7.4
github
more than 3 years ago
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an end-of-life product.