Lucene search
HistoryMar 02, 2007 - 9:18 p.m.
CVE-2007-1191
cve-2007-1191
social bookmarks
del.icio.us
quicksilver
plaintext passwords
sensitive information
local users
file reading vulnerability
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.
Affected configurations
Node
quicksilverdel.icio.us_moduleMatch8f
| CPE | Name | Operator | Version |
|---|---|---|---|
| quicksilver:del.icio.us_module | quicksilver del.icio.us module | eq | 8f |
Related
cvelist
cvelist
CVE-2007-1191
2007-03-02 19:00:00
prion
prion
Design/Logic Flaw
2007-03-02 21:18:00
nvd
nvd
CVE-2007-1191
2007-03-02 21:18:00
securityvulns
securityvulns
Quicksilver Social Bookmark information leak
2007-02-28 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2007-1191