PT-2023-2036 · Gnome+1 · Epiphany+1

Published: 2023-02-19 · Updated: 2025-03-18 · CVE-2023-26081

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Epiphany (aka GNOME Web) versions through 43.0

Description

The issue allows untrusted web content to trick users into exfiltrating passwords because autofill occurs in sandboxed contexts. This is related to insufficient access control in the Epiphany web browser, which can be exploited by a remote attacker to disclose protected information.

Recommendations

For Epiphany (aka GNOME Web) versions through 43.0, consider disabling the autofill feature in sandboxed contexts as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Improper Access Control

Related Identifiers

ALT-PU-2023-1310
BDU:2023-01753
CVE-2023-26081
DLA-3423-1
GHSA-MHHF-W9XW-PP9X
MGASA-2023-0099
OESA-2023-1139
OESA-2023-1175
OPENSUSE-SU-2024:12722-1
ROSA-SA-2024-2330

Affected Products

Debian
Epiphany