Vulnerability Details CVE-2014-1423
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.4%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644
- http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645
- https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380
- http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644
- http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645
- https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380
Products affected by CVE-2014-1423
-
cpe:2.3:a:signond_project:signond:*
-
cpe:2.3:a:ubports:ubuntu_touch:-