Description
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission
References (1)
Core 1
Core References
Mailing List, Vendor Advisory mailing-list
x_refsource_mlist
https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html
Scores
CVSS v3
7.5
EPSS
0.0025
EPSS Percentile
48.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (1)
gnome/shotwell
0.24.0 - 0.24.4
Published
Jul 17, 2017
Tracked Since
Feb 18, 2026