CVE-2017-1000024

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-1000024
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000024.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000024
Related
Published
2017-07-17T13:18:16Z
Modified
2025-04-24T04:12:14.046277Z
Downstream
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission

References

Affected packages

Debian:11 / shotwell

Package

Name
shotwell
Purl
pkg:deb/debian/shotwell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.25.4+really0.24.5-0.1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:12 / shotwell

Package

Name
shotwell
Purl
pkg:deb/debian/shotwell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.25.4+really0.24.5-0.1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:13 / shotwell

Package

Name
shotwell
Purl
pkg:deb/debian/shotwell?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.25.4+really0.24.5-0.1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Git / gitlab.gnome.org/GNOME/shotwell

Affected ranges

Type
GIT
Repo
https://gitlab.gnome.org/GNOME/shotwell
Events
Introduced
c6d5fe9bb77d97c534f8239c6331dc1f41df324b
Last affected
cc6a255b7203b8fb1e2d24ba81f83cec143185e6
Introduced
8cc28654affe568f156bc74a20fb4959160ac872
Last affected
e5a192163148d01708684bc38c4442824fda8178

Affected versions

shotwell-0.*

shotwell-0.24.0
shotwell-0.25.0
shotwell-0.25.1
shotwell-0.25.2
shotwell-0.25.3