CVE-2012-1257
Published 2019-11-20
CVE-2012-1257: Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
Priority P4 · 25 · medium · 5.5 · CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 0.74% (50.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pidgin | — | — |
| pidgin | pidgin | — | — |
CVSS provenance
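| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 5.5 | MEDIUM | |
| vendor_debian | | 5.5 | LOW | |
| vendor_redhat | | 5.5 | MEDIUM | |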
Debian
CVE-2012-1257: pidgin - Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local ...
vendor_debian·2012·CVSS 5.5
CVE-2012-1257 [MEDIUM] CVE-2012-1257: pidgin - Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local ...
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
Red Hat
pidgin: libpurple no way to restrict "private" messages from being sent over session dbus
vendor_redhat·2011-12-20·CVSS 5.5
CVE-2012-1257 [MEDIUM] pidgin: libpurple no way to restrict "private" messages from being sent over session dbus
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
Statement: The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: pidgin (Red Hat Enterprise Linux 4) - Will not fix
Package: pidgin (Red Hat Enterprise Linux 5) - Will not fix
Package: pidgin (Red Hat Enterprise Linux 6) - Will not fix
GHSA
GHSA-37jx-v87h-x8gc: Pidgin 2
ghsa_unreviewed·2022-04-23
CVE-2012-1257 [MEDIUM] CWE-319 GHSA-37jx-v87h-x8gc: Pidgin 2
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
OSV
CVE-2012-1257: Pidgin 2
osv·2019-11-20·CVSS 5.5
CVE-2012-1257 [MEDIUM] CVE-2012-1257: Pidgin 2
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
No detection rules found.
Published: 2019-11-20