Description
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
References
- Exploit, Mailing List, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Technical Description, Third Party Advisory
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
cpe:2.3:a:parity:browser:1.6.10:*:*:*:*:*:*:*
EPSS
Percentile: 79%
0.01252
Low
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-346
Related vulnerabilities
CVSS3: 5.3
github
more than 3 years ago
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).