PT-2020-4724 · Yandex · Yandex Browser

Rafay Baloch

Published

2020-08-10

Updated

2020-10-21

CVE-2020-7369

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Yandex Browser versions prior to 20.8.4

Description: The issue is related to the misrepresentation of critical information in the address bar of the Yandex Browser, allowing an attacker to obfuscate the true source of data as presented in the browser. This can be exploited to conduct spoofing attacks.

Recommendations: For versions prior to 20.8.4, update to version 20.8.4 or later to resolve the issue.

Exploit

Fix

Missing Authentication

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-451

Related Identifiers

BDU:2020-05276

CVE-2020-7369

Affected Products

Yandex Browser

PT-2020-4724 · Yandex · Yandex Browser

CVE-2020-7369

Weakness Enumeration

Related Identifiers

Affected Products

References · 7