Information Exposure Affecting epiphany-browser package, versions <3.22.6-1
Threat Intelligence
EPSS
0.16% (54th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN11-EPIPHANYBROWSER-524358
- published 17 Jul 2017
- disclosed 17 Jul 2017
Introduced: 17 Jul 2017
CVE-2017-1000025 Open this link in a new tabHow to fix?
Upgrade Debian:11 epiphany-browser to version 3.22.6-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream epiphany-browser package and not the epiphany-browser package as distributed by Debian.
See How to fix? for Debian:11 relevant fixed versions and status.
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.