Описание
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
It was discovered that shotwell did not validate TLS certificates when publishing photos to online service. A man-in-the-middle attacker could intercept requests and provide crafted responses, obtaining users' photos and potentially sensitive data.
Отчет
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | shotwell | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
3.1 Low
CVSS3
2.6 Low
CVSS2
Связанные уязвимости
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to ...
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
EPSS
3.1 Low
CVSS3
2.6 Low
CVSS2