CVE-2013-1799 - OpenCVE

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Gnome	Gnome Online Accounts

Configuration 1 [-]

OR	cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:::::::*
	cpe:2.3:a:gnome:gnome_online_accounts:3.7.90:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
http://secunia.com/advisories/51976	Vendor Advisory
http://secunia.com/advisories/52791	Vendor Advisory
http://ubuntu.com/usn/usn-1779-1
https://bugzilla.gnome.org/show_bug.cgi?id=693214
https://bugzilla.gnome.org/show_bug.cgi?id=695106
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2013-03-28T17:00:00Z

Updated: 2013-03-28T17:00:00Z

Reserved: 2013-02-19T00:00:00Z

Link: CVE-2013-1799

JSON object: View

NVD Information

Status : Modified

Published: 2013-04-02T03:23:26.253

Modified: 2023-11-07T02:14:49.470

Link: CVE-2013-1799

JSON object: View

Redhat Information

No data.

CWE

CWE-310

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2013-03-28T17:00:00Z"}, "references": [{"name": "[gnome-announce-list] 20130305 GNOME Online Accounts 3.7.91 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8"}, {"name": "51976", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51976"}, {"name": "[gnome-announce-list] 20130304 GNOME Online Accounts 3.6.3 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=695106"}, {"name": "USN-1779-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-1779-1"}, {"name": "52791", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52791"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=693214"}, {"name": "openSUSE-SU-2013:0301", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1799", "state": "PUBLISHED", "dateReserved": "2013-02-19T00:00:00Z", "datePublished": "2013-03-28T17:00:00Z", "dateUpdated": "2013-03-28T17:00:00Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "5971CF55-885F-4CED-8491-65DBCE785B6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B74804B4-06B7-4EBA-878B-8B000CFAF436", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "28FBF215-4BE8-445C-B90C-7AA26DF842E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "293EDD49-EECF-41B7-A57D-D7DDF958B31D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "D28A7DA8-54A0-45AB-845C-74163353DAC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "3427636E-5B7E-447E-8B94-34C3930E0E05", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2759201-0DBD-48A2-B8C1-7F145AADF747", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.90:*:*:*:*:*:*:*", "matchCriteriaId": "1345D6B2-AA1C-411F-91EC-35A807D0A1D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240."}, {"lang": "es", "value": "Gnome Online Accounts (GOA) 3.6.x anterior a 3.6.3 y 3.7.x anterior a 3.7.91, no valida adecuadamente los certificados SSL cuando crear cuentas para proveedores que utilizan la biblioteca libsoup, lo que permite a atacantes \"man-in-the-middle\", obtener informaci\u00f3n sensible como credenciales mediante la captura de tr\u00e1fico de red. NOTA: este problema existe ya que no se corrigi\u00f3 correctamente la vulnerabilidad CVE-2013-0240."}], "evaluatorImpact": "Per http://www.ubuntu.com/usn/usn-1779-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n Ubuntu 12.10\r\n Ubuntu 12.04 LTS\r\n Ubuntu 11.10\"\r\n", "id": "CVE-2013-1799", "lastModified": "2023-11-07T02:14:49.470", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-02T03:23:26.253", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51976"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52791"}, {"source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1779-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=693214"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=695106"}, {"source": "secalert@redhat.com", "url": "https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8"}, {"source": "secalert@redhat.com", "url": "https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html"}, {"source": "secalert@redhat.com", "url": "https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}