Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-1257Cleartext Transmission of Sensitive Info in Pidgin

CWE-319Cleartext Transmission of Sensitive Info7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 52.39%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
PidginDebian Pidgin
Timeline
PublishedNov 20
Latest updateApr 23

Description

Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDpidgin/pidgin2.10.0
debiandebian/pidgin

🔴Vulnerability Details

2
GHSA
GHSA-37jx-v87h-x8gc: Pidgin 22022-04-23
OSV
CVE-2012-1257: Pidgin 22019-11-20

💥Exploits & PoCs

1
Exploit-DB
libpurple 2.8.10 - OTR Information Disclosure2012-02-25

📋Vendor Advisories

2
Debian
CVE-2012-1257: pidgin - Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local ...2012
Red Hat
pidgin: libpurple no way to restrict "private" messages from being sent over session dbus2011-12-20

💬Community

1
Bugzilla
CVE-2012-1257 pidgin: libpurple no way to restrict "private" messages from being sent over session dbus2012-02-28