CVE-2013-0240

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
gnomegnome_online_accounts
3.4.0
gnomegnome_online_accounts
3.4.1
gnomegnome_online_accounts
3.6.0
gnomegnome_online_accounts
3.6.1
gnomegnome_online_accounts
3.6.2
gnomegnome_online_accounts
3.7.1
gnomegnome_online_accounts
3.7.2
gnomegnome_online_accounts
3.7.3
gnomegnome_online_accounts
3.7.4
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnome-online-accounts
bookworm
3.46.0-1
fixed
bullseye
3.38.0-3
fixed
sid
3.52.0-1
fixed
trixie
3.52.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-online-accounts
hardy
dne
lucid
dne
oneiric
Fixed 3.2.1-0ubuntu1.1
released
precise
Fixed 3.4.0-0ubuntu1.1
released
quantal
Fixed 3.6.0-0ubuntu1.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gnome-online-accounts
suse enterprise desktop 12
3.10.5-1.11
fixed
suse enterprise desktop 12 SP1
3.10.5-1.11
fixed
suse enterprise desktop 12 SP2
3.20.4-7.2
fixed
suse enterprise desktop 12 SP3
3.20.5-9.6
fixed
suse enterprise desktop 12 SP4
3.20.5-9.6
fixed
suse enterprise desktop 15
3.26.2-3.34
fixed
suse enterprise desktop 15 SP1
3.26.2-3.34
fixed
suse enterprise sap 12
3.10.5-1.11
fixed
suse enterprise sap 12 SP1
3.10.5-1.11
fixed
suse enterprise sap 12 SP2
3.20.4-7.2
fixed
suse enterprise sap 12 SP3
3.20.5-9.6
fixed
suse enterprise sap 12 SP4
3.20.5-9.6
fixed
suse enterprise sap 12 SP5
3.20.8-10.4.50
fixed
suse enterprise sap 15
3.26.2-3.34
fixed
suse enterprise sap 15 SP1
3.26.2-3.34
fixed
suse enterprise server 12
3.10.5-1.11
fixed
suse enterprise server 12 SP1
3.10.5-1.11
fixed
suse enterprise server 12 SP2
3.20.4-7.2
fixed
suse enterprise server 12 SP3
3.20.5-9.6
fixed
suse enterprise server 12 SP4
3.20.5-9.6
fixed
suse enterprise server 12 SP5
3.20.8-10.4.50
fixed
suse enterprise server 15
3.26.2-3.34
fixed
suse enterprise server 15 SP1
3.26.2-3.34
fixed
suse enterprise workstation 12
3.10.5-1.11
fixed
suse enterprise workstation 12 SP1
3.10.5-1.11
fixed
suse enterprise workstation 12 SP2
3.20.4-7.2
fixed
suse enterprise workstation 12 SP3
3.20.5-9.6
fixed
suse enterprise workstation 12 SP4
3.20.5-9.6
fixed
suse enterprise workstation 12 SP5
3.20.8-10.4.50
fixed
suse enterprise workstation 15
3.26.2-3.34
fixed
suse enterprise workstation 15 SP1
3.26.2-3.34
fixed
gnome-online-accounts-devel
suse enterprise desktop 15
3.26.2-3.34
fixed
suse enterprise desktop 15 SP1
3.26.2-3.34
fixed
suse enterprise sap 15
3.26.2-3.34
fixed
suse enterprise sap 15 SP1
3.26.2-3.34
fixed
suse enterprise server 15
3.26.2-3.34
fixed
suse enterprise server 15 SP1
3.26.2-3.34
fixed
gnome-online-accounts-lang
suse enterprise desktop 12
3.10.5-1.11
fixed
suse enterprise desktop 12 SP1
3.10.5-1.11
fixed
suse enterprise desktop 12 SP2
3.20.4-7.2
fixed
suse enterprise desktop 12 SP3
3.20.5-9.6
fixed
suse enterprise desktop 12 SP4
3.20.5-9.6
fixed
suse enterprise desktop 15
3.26.2-3.34
fixed
suse enterprise desktop 15 SP1
3.26.2-3.34
fixed
suse enterprise sap 12
3.10.5-1.11
fixed
suse enterprise sap 12 SP1
3.10.5-1.11
fixed
suse enterprise sap 12 SP2
3.20.4-7.2
fixed
suse enterprise sap 12 SP3
3.20.5-9.6
fixed
suse enterprise sap 12 SP4
3.20.5-9.6
fixed
suse enterprise sap 12 SP5
3.20.8-10.4.50
fixed
suse enterprise sap 15
3.26.2-3.34
fixed
suse enterprise sap 15 SP1
3.26.2-3.34
fixed
suse enterprise server 12
3.10.5-1.11
fixed
suse enterprise server 12 SP1
3.10.5-1.11
fixed
suse enterprise server 12 SP2
3.20.4-7.2
fixed
suse enterprise server 12 SP3
3.20.5-9.6
fixed
suse enterprise server 12 SP4
3.20.5-9.6
fixed
suse enterprise server 12 SP5
3.20.8-10.4.50
fixed
suse enterprise server 15
3.26.2-3.34
fixed
suse enterprise server 15 SP1
3.26.2-3.34
fixed
suse enterprise workstation 12
3.10.5-1.11
fixed
suse enterprise workstation 12 SP1
3.10.5-1.11
fixed
suse enterprise workstation 12 SP2
3.20.4-7.2
fixed
suse enterprise workstation 12 SP3
3.20.5-9.6
fixed
suse enterprise workstation 12 SP4
3.20.5-9.6
fixed
suse enterprise workstation 12 SP5
3.20.8-10.4.50
fixed
suse enterprise workstation 15
3.26.2-3.34
fixed
suse enterprise workstation 15 SP1
3.26.2-3.34
fixed
libgoa-1_0-0
suse enterprise desktop 15
3.26.2-3.34
fixed
suse enterprise desktop 15 SP1
3.26.2-3.34
fixed
suse enterprise sap 12 SP5
3.20.8-10.4.50
fixed
suse enterprise sap 15
3.26.2-3.34
fixed
suse enterprise sap 15 SP1
3.26.2-3.34
fixed
suse enterprise server 12 SP2
3.20.4-7.2
fixed
suse enterprise server 12 SP3
3.20.5-9.6
fixed
suse enterprise server 12 SP4
3.20.5-9.6
fixed
suse enterprise server 12 SP5
3.20.8-10.4.50
fixed
suse enterprise server 15
3.26.2-3.34
fixed
suse enterprise server 15 SP1
3.26.2-3.34
fixed
libgoa-1_0-0-32bit
suse enterprise desktop 12 SP2
3.20.4-7.2
fixed
suse enterprise desktop 12 SP3
3.20.5-9.6
fixed
suse enterprise desktop 12 SP4
3.20.5-9.6
fixed
suse enterprise sap 12 SP2
3.20.4-7.2
fixed
suse enterprise sap 12 SP3
3.20.5-9.6
fixed
suse enterprise sap 12 SP4
3.20.5-9.6
fixed
suse enterprise sap 12 SP5
3.20.8-10.4.50
fixed
suse enterprise server 12 SP2
3.20.4-7.2
fixed
suse enterprise server 12 SP3
3.20.5-9.6
fixed
suse enterprise server 12 SP4
3.20.5-9.6
fixed
suse enterprise server 12 SP5
3.20.8-10.4.50
fixed
suse enterprise workstation 12 SP2
3.20.4-7.2
fixed
suse enterprise workstation 12 SP3
3.20.5-9.6
fixed
suse enterprise workstation 12 SP4
3.20.5-9.6
fixed
suse enterprise workstation 12 SP5
3.20.8-10.4.50
fixed
libgoa-backend-1_0-1
suse enterprise desktop 15
3.26.2-3.34
fixed
suse enterprise desktop 15 SP1
3.26.2-3.34
fixed
suse enterprise sap 12 SP5
3.20.8-10.4.50
fixed
suse enterprise sap 15
3.26.2-3.34
fixed
suse enterprise sap 15 SP1
3.26.2-3.34
fixed
suse enterprise server 12 SP2
3.20.4-7.2
fixed
suse enterprise server 12 SP3
3.20.5-9.6
fixed
suse enterprise server 12 SP4
3.20.5-9.6
fixed
suse enterprise server 12 SP5
3.20.8-10.4.50
fixed
suse enterprise server 15
3.26.2-3.34
fixed
suse enterprise server 15 SP1
3.26.2-3.34
fixed
typelib-1_0-Goa-1_0
suse enterprise desktop 12
3.10.5-1.11
fixed
suse enterprise desktop 12 SP1
3.10.5-1.11
fixed
suse enterprise desktop 12 SP2
3.20.4-7.2
fixed
suse enterprise desktop 12 SP3
3.20.5-9.6
fixed
suse enterprise desktop 12 SP4
3.20.5-9.6
fixed
suse enterprise desktop 15
3.26.2-3.34
fixed
suse enterprise desktop 15 SP1
3.26.2-3.34
fixed
suse enterprise sap 12
3.10.5-1.11
fixed
suse enterprise sap 12 SP1
3.10.5-1.11
fixed
suse enterprise sap 12 SP2
3.20.4-7.2
fixed
suse enterprise sap 12 SP3
3.20.5-9.6
fixed
suse enterprise sap 12 SP4
3.20.5-9.6
fixed
suse enterprise sap 12 SP5
3.20.8-10.4.50
fixed
suse enterprise sap 15
3.26.2-3.34
fixed
suse enterprise sap 15 SP1
3.26.2-3.34
fixed
suse enterprise server 12
3.10.5-1.11
fixed
suse enterprise server 12 SP1
3.10.5-1.11
fixed
suse enterprise server 12 SP2
3.20.4-7.2
fixed
suse enterprise server 12 SP3
3.20.5-9.6
fixed
suse enterprise server 12 SP4
3.20.5-9.6
fixed
suse enterprise server 12 SP5
3.20.8-10.4.50
fixed
suse enterprise server 15
3.26.2-3.34
fixed
suse enterprise server 15 SP1
3.26.2-3.34
fixed
suse enterprise workstation 12
3.10.5-1.11
fixed
suse enterprise workstation 12 SP1
3.10.5-1.11
fixed
suse enterprise workstation 12 SP2
3.20.4-7.2
fixed
suse enterprise workstation 12 SP3
3.20.5-9.6
fixed
suse enterprise workstation 12 SP4
3.20.5-9.6
fixed
suse enterprise workstation 12 SP5
3.20.8-10.4.50
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
http://secunia.com/advisories/51976
http://secunia.com/advisories/52791
http://ubuntu.com/usn/usn-1779-1
https://bugzilla.gnome.org/show_bug.cgi?id=693214
https://bugzilla.redhat.com/show_bug.cgi?id=894352
https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
http://secunia.com/advisories/51976
http://secunia.com/advisories/52791
http://ubuntu.com/usn/usn-1779-1
https://bugzilla.gnome.org/show_bug.cgi?id=693214
https://bugzilla.redhat.com/show_bug.cgi?id=894352
https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html