CVE-2008-7320

{"id": "CVE-2008-7320", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2018-11-18T19:29:00.220", "references": [{"url": "https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774/comments/13", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.gnome.org/show_bug.cgi?id=551036", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.bountysource.com/issues/3849352-seahorse-shows-passwords-without-verification", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision"}, {"lang": "es", "value": "** EN DISPUTA ** GNOME Seahorse hasta la versi\u00f3n 3.30 permite que atacantes f\u00edsicamente cercanos lean contrase\u00f1as en texto plano mediante el di\u00e1logo quickAllow en una estaci\u00f3n de trabajo sin atender, si el llavero est\u00e1 desbloqueado. NOTA: un mantenedor de software discute esto debido a que el comportamiento refleja una decisi\u00f3n de dise\u00f1o."}], "lastModified": "2024-08-07T12:15:36.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:seahorse:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BD0725B-FE16-4D17-8079-B2F7558B8316", "versionEndIncluding": "3.30"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}