Security Advisory

CVE-2019-19251

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-10 14:26:52

Last updated 2024-08-05 02:09:39

Assigner mitre

State PUBLISHED

Description

The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.

← Browse all CVEs View on cve.org ↗