CVE-2017-1000025

GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnome:epiphany:3.18.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.18.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.18.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.18.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.18.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.18.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.18.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.18.7:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.18.8:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.18.9:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.18.10:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.20.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.20.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.20.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.20.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.20.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.20.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.20.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.22.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.22.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.22.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.22.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.22.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.22.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.23.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.23.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.23.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.23.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.23.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.23.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:3.23.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-07-17 13:18

Updated : 2024-02-04 19:29


NVD link : CVE-2017-1000025

Mitre link : CVE-2017-1000025

CVE.ORG link : CVE-2017-1000025


JSON object : View

Products Affected

gnome

  • epiphany
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor