CVE-2013-1799

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8
https://bugzilla.gnome.org/show_bug.cgi?id=693214
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html
http://secunia.com/advisories/51976	Vendor Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=695106
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
http://secunia.com/advisories/52791	Vendor Advisory
http://ubuntu.com/usn/usn-1779-1

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.7.90:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*

Information

Published : 2013-04-01 20:23

Updated : 2023-02-12 20:41

NVD link : CVE-2013-1799

Mitre link : CVE-2013-1799

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

canonical

ubuntu_linux

gnome

gnome_online_accounts

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html", "name": "openSUSE-SU-2013:0301", "tags": [], "refsource": "SUSE"}, {"url": "https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8", "name": "https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8", "tags": [], "refsource": "CONFIRM"}, {"url": "https://bugzilla.gnome.org/show_bug.cgi?id=693214", "name": "https://bugzilla.gnome.org/show_bug.cgi?id=693214", "tags": [], "refsource": "CONFIRM"}, {"url": "https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html", "name": "[gnome-announce-list] 20130305 GNOME Online Accounts 3.7.91 released", "tags": [], "refsource": "MLIST"}, {"url": "http://secunia.com/advisories/51976", "name": "51976", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://bugzilla.gnome.org/show_bug.cgi?id=695106", "name": "https://bugzilla.gnome.org/show_bug.cgi?id=695106", "tags": [], "refsource": "CONFIRM"}, {"url": "https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html", "name": "[gnome-announce-list] 20130304 GNOME Online Accounts 3.6.3 released", "tags": [], "refsource": "MLIST"}, {"url": "http://secunia.com/advisories/52791", "name": "52791", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://ubuntu.com/usn/usn-1779-1", "name": "USN-1779-1", "tags": [], "refsource": "UBUNTU"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-1799", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-04-02T03:23Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.90:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T04:41Z"}

4.3 /10