PT-2018-6612 · Parity · Parity Browser

Tintinweb

Publicado

2018-01-11

Atualizado

2019-10-03

CVE-2017-18016

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Parity Browser versions 1.6.10 and earlier

Description: The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine. This is possible because the current website's token is reused and not bound to an origin.

Recommendations: For Parity Browser versions 1.6.10 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Origin Validation Error

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-346

Identificadores relacionados

CVE-2017-18016

Produtos afetados

Parity Browser

PT-2018-6612 · Parity · Parity Browser

CVE-2017-18016

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6