CVE-2018-6849

Опубликовано: 01 апр. 2018

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Высокий

Описание

In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.

Ссылки

https://datarift.blogspot.com/p/private-ip-leakage-using-webrtc.html
Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/9538
Issue Tracking
Third Party Advisory
https://news.ycombinator.com/item?id=16699270
Third Party Advisory
https://voidsec.com/vpn-leak/
Third Party Advisory
https://www.exploit-db.com/exploits/44403/
Exploit
Third Party Advisory
VDB Entry
https://datarift.blogspot.com/p/private-ip-leakage-using-webrtc.html
Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/9538
Issue Tracking
Third Party Advisory
https://news.ycombinator.com/item?id=16699270
Third Party Advisory
https://voidsec.com/vpn-leak/
Third Party Advisory
https://www.exploit-db.com/exploits/44403/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:duckduckgo:duckduckgo:4.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.76795

Высокий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-637h-2rp3-w54w

CVSS3: 4.3

github

больше 3 лет назад

EPSS

Процентиль: 99%

0.76795

Высокий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200