Nixpkgs Security Tracker

Permalink CVE-2014-1423

5.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 month, 1 week ago

Online Accounts Signon daemon gives out all oauth tokens to any app

signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information.

References

http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644 x_refsource_MISC
http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645 x_refsource_MISC
https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380 x_refsource_MISC
http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644 x_transferred x_refsource_MISC
http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645 x_transferred x_refsource_MISC
https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380 x_transferred x_refsource_MISC
http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644 x_refsource_MISC
http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645 x_refsource_MISC
https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380 x_refsource_MISC
http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645 x_transferred x_refsource_MISC
https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380 x_transferred x_refsource_MISC
http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644 x_transferred x_refsource_MISC
http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644 x_refsource_MISC
http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645 x_refsource_MISC
https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380 x_refsource_MISC
http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644 x_transferred x_refsource_MISC
http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645 x_transferred x_refsource_MISC
https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380 x_transferred x_refsource_MISC

Affected products

signon

<8.57+15.04.20141127.1-0ubuntu1

Matching in nixpkgs

pkgs.libsignon-glib

Library for managing single signon credentials which can be used from GLib applications

nixos-unstable 2.1
- nixpkgs-unstable 2.1
- nixos-unstable-small 2.1
nixos-25.11 2.1
- nixos-25.11-small 2.1
- nixpkgs-25.11-darwin 2.1

pkgs.libsForQt5.signond

Signon Daemon for Qt

nixos-unstable 8.61-unstable-2023-11-24
- nixpkgs-unstable 8.61-unstable-2023-11-24
- nixos-unstable-small 8.61-unstable-2023-11-24
nixos-25.11 8.61-unstable-2023-11-24
- nixos-25.11-small 8.61-unstable-2023-11-24
- nixpkgs-25.11-darwin 8.61-unstable-2023-11-24

pkgs.kdePackages.signond

Signon Daemon for Qt

nixos-unstable 8.61-unstable-2023-11-24
- nixpkgs-unstable 8.61-unstable-2023-11-24
- nixos-unstable-small 8.61-unstable-2023-11-24
nixos-25.11 8.61-unstable-2023-11-24
- nixos-25.11-small 8.61-unstable-2023-11-24
- nixpkgs-25.11-darwin 8.61-unstable-2023-11-24

pkgs.qt6Packages.signond

Signon Daemon for Qt

nixos-unstable 8.61-unstable-2023-11-24
- nixpkgs-unstable 8.61-unstable-2023-11-24
- nixos-unstable-small 8.61-unstable-2023-11-24
nixos-25.11 8.61-unstable-2023-11-24
- nixos-25.11-small 8.61-unstable-2023-11-24
- nixpkgs-25.11-darwin 8.61-unstable-2023-11-24

pkgs.plasma5Packages.signond

Signon Daemon for Qt

nixos-unstable 8.61-unstable-2023-11-24
- nixpkgs-unstable 8.61-unstable-2023-11-24
- nixos-unstable-small 8.61-unstable-2023-11-24
nixos-25.11 8.61-unstable-2023-11-24
- nixos-25.11-small 8.61-unstable-2023-11-24
- nixpkgs-25.11-darwin 8.61-unstable-2023-11-24

pkgs.kdePackages.signon-kwallet-extension

KWallet integration for the SignOn framework (gitlab.com/accounts-sso)

nixos-unstable 25.12.2
- nixpkgs-unstable 25.12.2
- nixos-unstable-small 25.12.2
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

Package maintainers

@NickCao Nick Cao <nickcao@nichi.co>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@FRidh Frederik Rietdijk <fridh@fridh.nl>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@bkchr Bastian Köcher <nixos@kchr.de>
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@K900 Ilya K. <me@0upti.me>
@freezeboy freezeboy

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.libsignon-glib

pkgs.libsForQt5.signond

pkgs.kdePackages.signond

pkgs.qt6Packages.signond

pkgs.plasma5Packages.signond

pkgs.kdePackages.signon-kwallet-extension

Package maintainers