CVE: CVE-2013-5726

Export to Word

Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

S9 – Sabotage of System/App

EPSS

Score: 0.00215
Percentile: 0.44175

CVSS Scoring

CVSS v2 Score: 6.8

Severity:

Mapped CWE(s)

CWE-352 : Cross-Site Request Forgery (CSRF)

All CAPEC(s)

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)
CAPEC-462: Cross-Domain Search Timing
CAPEC-467: Cross Site Identification
CAPEC-62: Cross Site Request Forgery

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:tapbots:tweetbot:1.3.3:-:*:*:*:mac:*:*
cpe:2.3:a:tapbots:tweetbot:2.8.5:-:*:*:*:ipad:*:*
cpe:2.3:a:tapbots:tweetbot:2.8.5:-:*:*:*:iphone:*:*

← Back to Home