CVE-2017-1000025 - Vulnerability Details

Vendors	Products
Gnome	Epiphany

Link	Providers
https://bugzilla.gnome.org/show_bug.cgi?id=752738
https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2017-05-06T00:00:00", "datePublic": "2017-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-13T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=752738"}, {"tags": ["x_refsource_MISC"], "url": "https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-05-06T20:43:28.275197", "ID": "CVE-2017-1000025", "REQUESTER": "mcatanzaro@gnome.org", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.gnome.org/show_bug.cgi?id=752738", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=752738"}, {"name": "https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver", "refsource": "MISC", "url": "https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:53:06.339Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=752738"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000025", "datePublished": "2017-07-13T20:00:00", "dateReserved": "2017-07-10T00:00:00", "dateUpdated": "2024-08-05T21:53:06.339Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

dateAssigned : 2017-05-06T00:00:00 (string)

datePublic : 2017-07-13T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-07-13T19:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.gnome.org/show_bug.cgi?id=752738 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

DATE_ASSIGNED : 2017-05-06T20:43:28.275197 (string)

ID : CVE-2017-1000025 (string)

REQUESTER : mcatanzaro@gnome.org (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://bugzilla.gnome.org/show_bug.cgi?id=752738 (string)

refsource : CONFIRM (string)

url : https://bugzilla.gnome.org/show_bug.cgi?id=752738 (string)

}

1 : { »

name : https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver (string)

refsource : MISC (string)

url : https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T21:53:06.339Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.gnome.org/show_bug.cgi?id=752738 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2017-1000025 (string)

datePublished : 2017-07-13T20:00:00 (string)

dateReserved : 2017-07-10T00:00:00 (string)

dateUpdated : 2024-08-05T21:53:06.339Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:epiphany:3.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "EEDFB818-6C5C-4096-A876-17BA2A2F1C7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE98221C-CD91-43D0-9F18-3A2AB74865ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C60BA75-B5CF-4864-96EA-33DF903C7997", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "AA67A36C-BA89-4D72-9633-AE95B54F7402", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.18.4:*:*:*:*:*:*:*", "matchCriteriaId": "19D6362D-2572-4691-914F-11D01EFDD0C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.18.5:*:*:*:*:*:*:*", "matchCriteriaId": "4A58E111-8E3B-4AAA-8825-CB89512ACCAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.18.6:*:*:*:*:*:*:*", "matchCriteriaId": "4A8B538B-1452-4638-91A5-44015B0E6CEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.18.7:*:*:*:*:*:*:*", "matchCriteriaId": "ECA37FA4-F067-43F0-A6DD-16ED0255671F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.18.8:*:*:*:*:*:*:*", "matchCriteriaId": "F08CFDA8-97C8-440A-BEC3-7BB103608209", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.18.9:*:*:*:*:*:*:*", "matchCriteriaId": "DD807F01-2B8E-4F4D-A81E-ADEB644A5B51", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.18.10:*:*:*:*:*:*:*", "matchCriteriaId": "EB40BC93-019C-447D-817A-9977D098D68D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A2A94B0-327B-42CC-94D9-6BC6B141D67D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF0249CD-8AB6-4814-B9A1-DE680718B90A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "1475432C-00CC-4BD1-B295-5A434E72BAB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.20.3:*:*:*:*:*:*:*", "matchCriteriaId": "E768FD6B-DA9B-468C-9C87-F926BC18C961", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "E2D79A35-C832-4371-8788-E0921E027CA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "C4411AC7-0E85-447D-BBB7-F75B4922D003", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "73F51FCF-9DA1-4ACF-98E5-3C34B07EAF53", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "7336B3AC-D83A-420B-A56D-1EBEEE50DF55", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "96867303-0A09-4805-9563-6A18E4858CDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DB7A05C-0B4A-4773-A38D-6CA938656F51", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.22.3:*:*:*:*:*:*:*", "matchCriteriaId": "E879BF18-0776-453B-B35A-4923A3B2B4FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.22.4:*:*:*:*:*:*:*", "matchCriteriaId": "21ADBDBE-A7BE-4024-AE2F-395347711A9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.22.5:*:*:*:*:*:*:*", "matchCriteriaId": "33C7C2B5-3840-4CCC-A0C3-A286DF40B8C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "9831291F-547B-41D6-B72C-A78CFBDA4F05", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.23.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA5BE4E2-BE52-4C1A-866D-A8E867D13A96", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.23.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F14AE530-369D-480F-84A7-4D4ECF3F2590", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC0808E0-2536-49A2-811E-07E9145F967E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.23.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "107F5D77-36CE-4BAE-B4D2-9D92A373869A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.23.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB3304E4-7AC0-4482-9479-683055FBD4D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:epiphany:3.23.4:*:*:*:*:*:*:*", "matchCriteriaId": "D8D9C9BF-B685-4C9E-A038-2252C6621D6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites."}, {"lang": "es", "value": "GNOME Web (Epiphany) versi\u00f3n 3.23 anterior a 3.23.5, versi\u00f3n 3.22 anterior a 3.22.6, versi\u00f3n 3.20 anterior a 3.20.7, versi\u00f3n 3.18 anterior a 3.18.11, y versiones anteriores, es vulnerable a un ataque de barrido del administrador de contrase\u00f1as resultando en la exfiltraci\u00f3n remota de contrase\u00f1as almacenadas para un conjunto seleccionado de sitios web."}], "id": "CVE-2017-1000025", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-17T13:18:16.703", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=752738"}, {"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=752738"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.18.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EEDFB818-6C5C-4096-A876-17BA2A2F1C7F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.18.1:*:*:*:*:*:*:* (string)

matchCriteriaId : EE98221C-CD91-43D0-9F18-3A2AB74865ED (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.18.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 9C60BA75-B5CF-4864-96EA-33DF903C7997 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.18.3:*:*:*:*:*:*:* (string)

matchCriteriaId : AA67A36C-BA89-4D72-9633-AE95B54F7402 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.18.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 19D6362D-2572-4691-914F-11D01EFDD0C6 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.18.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 4A58E111-8E3B-4AAA-8825-CB89512ACCAC (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.18.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 4A8B538B-1452-4638-91A5-44015B0E6CEA (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.18.7:*:*:*:*:*:*:* (string)

matchCriteriaId : ECA37FA4-F067-43F0-A6DD-16ED0255671F (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.18.8:*:*:*:*:*:*:* (string)

matchCriteriaId : F08CFDA8-97C8-440A-BEC3-7BB103608209 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.18.9:*:*:*:*:*:*:* (string)

matchCriteriaId : DD807F01-2B8E-4F4D-A81E-ADEB644A5B51 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.18.10:*:*:*:*:*:*:* (string)

matchCriteriaId : EB40BC93-019C-447D-817A-9977D098D68D (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.20.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7A2A94B0-327B-42CC-94D9-6BC6B141D67D (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.20.1:*:*:*:*:*:*:* (string)

matchCriteriaId : BF0249CD-8AB6-4814-B9A1-DE680718B90A (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.20.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 1475432C-00CC-4BD1-B295-5A434E72BAB2 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.20.3:*:*:*:*:*:*:* (string)

matchCriteriaId : E768FD6B-DA9B-468C-9C87-F926BC18C961 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.20.4:*:*:*:*:*:*:* (string)

matchCriteriaId : E2D79A35-C832-4371-8788-E0921E027CA6 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.20.5:*:*:*:*:*:*:* (string)

matchCriteriaId : C4411AC7-0E85-447D-BBB7-F75B4922D003 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.20.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 73F51FCF-9DA1-4ACF-98E5-3C34B07EAF53 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.22.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7336B3AC-D83A-420B-A56D-1EBEEE50DF55 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.22.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 96867303-0A09-4805-9563-6A18E4858CDA (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.22.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 7DB7A05C-0B4A-4773-A38D-6CA938656F51 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.22.3:*:*:*:*:*:*:* (string)

matchCriteriaId : E879BF18-0776-453B-B35A-4923A3B2B4FD (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.22.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 21ADBDBE-A7BE-4024-AE2F-395347711A9A (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.22.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 33C7C2B5-3840-4CCC-A0C3-A286DF40B8C8 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.23.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 9831291F-547B-41D6-B72C-A78CFBDA4F05 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.23.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : CA5BE4E2-BE52-4C1A-866D-A8E867D13A96 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.23.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : F14AE530-369D-480F-84A7-4D4ECF3F2590 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.23.2:*:*:*:*:*:*:* (string)

matchCriteriaId : FC0808E0-2536-49A2-811E-07E9145F967E (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.23.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 107F5D77-36CE-4BAE-B4D2-9D92A373869A (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.23.3:*:*:*:*:*:*:* (string)

matchCriteriaId : CB3304E4-7AC0-4482-9479-683055FBD4D9 (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:a:gnome:epiphany:3.23.4:*:*:*:*:*:*:* (string)

matchCriteriaId : D8D9C9BF-B685-4C9E-A038-2252C6621D6D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. (string)

}

1 : { »

lang : es (string)

value : GNOME Web (Epiphany) versión 3.23 anterior a 3.23.5, versión 3.22 anterior a 3.22.6, versión 3.20 anterior a 3.20.7, versión 3.18 anterior a 3.18.11, y versiones anteriores, es vulnerable a un ataque de barrido del administrador de contraseñas resultando en la exfiltración remota de contraseñas almacenadas para un conjunto seleccionado de sitios web. (string)

}

]

id : CVE-2017-1000025 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-07-17T13:18:16.703 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://bugzilla.gnome.org/show_bug.cgi?id=752738 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Technical Description (string)

1 : Third Party Advisory (string)

]

url : https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://bugzilla.gnome.org/show_bug.cgi?id=752738 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Technical Description (string)

1 : Third Party Advisory (string)

]

url : https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object