CVE-2023-40580

Опубликовано: 25 авг. 2023

Источник: nvd

CVSS3: 8.1

CVSS3: 6.5

EPSS Низкий

Описание

Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.

Ссылки

https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee
Patch
https://github.com/stellar/freighter/pull/948
Patch
https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w
Patch
Third Party Advisory
https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee
Patch
https://github.com/stellar/freighter/pull/948
Patch
https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:stellar:freighter:*:*:*:*:*:*:*:*

Версия до 5.3.1 (исключая)

EPSS

Процентиль: 21%

0.00066

Низкий

8.1 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

EPSS

Процентиль: 21%

0.00066

Низкий

8.1 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo