- Description
- Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-352
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tapbots:tweetbot:1.3.3:-:*:*:*:mac:*:*",
"vulnerable": true,
"matchCriteriaId": "C3E6D204-A72F-41B7-B091-AE4A0BD871AB"
},
{
"criteria": "cpe:2.3:a:tapbots:tweetbot:2.8.5:-:*:*:*:ipad:*:*",
"vulnerable": true,
"matchCriteriaId": "4EEEC4B9-1D7F-435B-920D-24AF39C758EE"
},
{
"criteria": "cpe:2.3:a:tapbots:tweetbot:2.8.5:-:*:*:*:iphone:*:*",
"vulnerable": true,
"matchCriteriaId": "2C66EF3D-9C61-4941-9944-0FB6D9A0CFD1"
}
],
"operator": "OR"
}
]
}
]