Описание
Playwright Spoofing Vulnerability
Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network.
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.
According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?
This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network.
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate
EPSS
5.3 Medium
CVSS3