Описание
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 8.57+15.04.20141127.1-0ubuntu1 |
| bionic | released | 8.57+15.04.20141127.1-0ubuntu1 |
| cosmic | released | 8.57+15.04.20141127.1-0ubuntu1 |
| devel | released | 8.57+15.04.20141127.1-0ubuntu1 |
| disco | released | 8.57+15.04.20141127.1-0ubuntu1 |
| esm-apps/bionic | released | 8.57+15.04.20141127.1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| esm-infra/xenial | released | 8.57+15.04.20141127.1-0ubuntu1 |
| lucid | DNE | |
| precise | DNE |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information.
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information.
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3