CVE-2017-1000024
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.25%
Description
Shotwell versions 0.24.4 and earlier, and 0.25.3 and earlier, are vulnerable to an information disclosure in the web publishing plugins, resulting in potential plaintext transmission of passwords and OAuth tokens.
How to fix CVE-2017-1000024
To remediate CVE-2017-1000024, upgrade the affected package to one of the fixed versions listed below.
- Debian/shotwell: upgrade to 0.25.4+really0.24.5-0.1 or later
Is CVE-2017-1000024 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.25.4+really0.24.5-0.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |