CVE-2013-5726

{"id": "CVE-2013-5726", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-11-12T20:55:04.483", "references": [{"url": "http://blog.binaryfactory.ca/2013/11/cve-2013-5726-tweetbot-for-ios-and-mac-user-disclosureprivacy-issue/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/99256", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2013/Nov/9", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://blog.binaryfactory.ca/2013/11/cve-2013-5726-tweetbot-for-ios-and-mac-user-disclosureprivacy-issue/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/99256", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2013/Nov/9", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL."}, {"lang": "es", "value": "Tweetbot 1.3.3 para Mac, y 2.8.5 para iPad y iPhone, no requiere confirmaci\u00f3n de (1) seguimiento o (2) acciones favoritas, lo que permite a atacantes remotos forzar autom\u00e1ticamente al usuario para realizar acciones no deseadas, tal y como se demostr\u00f3 a trav\u00e9s de la URL tweetbot:///follow/."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tapbots:tweetbot:1.3.3:-:*:*:*:mac:*:*", "vulnerable": true, "matchCriteriaId": "C3E6D204-A72F-41B7-B091-AE4A0BD871AB"}, {"criteria": "cpe:2.3:a:tapbots:tweetbot:2.8.5:-:*:*:*:ipad:*:*", "vulnerable": true, "matchCriteriaId": "4EEEC4B9-1D7F-435B-920D-24AF39C758EE"}, {"criteria": "cpe:2.3:a:tapbots:tweetbot:2.8.5:-:*:*:*:iphone:*:*", "vulnerable": true, "matchCriteriaId": "2C66EF3D-9C61-4941-9944-0FB6D9A0CFD1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}