PT-2021-15281 · Brave+1 · Brave Browser+1
Sickcodes · Published 2021-08-16 · Updated 2025-07-02
CVE-2021-22929
CVSS v3.1: 6.1 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Brave Browser Desktop versions prior to 1.28.62
Description
An information disclosure issue exists where logged warning messages include timestamps of connections to V2 onion domains in tor.log. This issue affects versions prior to 1.28.62, where the server connection time for all v2 tor domains is permanently logged to ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log.
Recommendations
For versions prior to 1.28.62, update to version 1.28.62 or later to resolve the issue. As a temporary workaround, consider restricting access to the tor.log file to minimize the risk of information disclosure.
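One way to apply the temporary workaround on a Linux profile, as an added example that is not part of the advisory or of Brave's own tooling: it audits the permission bits on tor.log and its data directory and restricts both to the owner. The function names are hypothetical, and tightening the directory to 700 is an assumption that goes beyond the advisory's wording.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on Brave's tor.log.
# Default path is the one given in the advisory; pass another path as $1.
TOR_LOG_DEFAULT="$HOME/.config/BraveSoftware/Brave-Browser/tor/data/tor.log"

# Print the octal permission bits of a path (GNU stat, BSD stat fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if group or other hold any permission bit on the path.
is_exposed() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Report on the log and its directory; return 1 if either is exposed.
audit_tor_log() {
    log=$1
    dir=$(dirname "$log")
    if [ ! -e "$log" ]; then
        echo "not present: $log"
        return 0
    fi
    status=0
    for p in "$log" "$dir"; do
        if is_exposed "$p"; then
            echo "EXPOSED $(file_mode "$p") $p"
            status=1
        else
            echo "ok      $(file_mode "$p") $p"
        fi
    done
    return $status
}

# Workaround from the advisory: owner-only access to the log (and, as an
# assumption of this example, to the directory that holds it).
harden_tor_log() {
    chmod 600 "$1" && chmod 700 "$(dirname "$1")"
}

# Report only; nothing is changed until harden_tor_log is called explicitly.
audit_tor_log "${1:-$TOR_LOG_DEFAULT}" ||
    echo "run: harden_tor_log <path>, then update Brave to 1.28.62 or later"
```

Restricting the mode limits who can read the file but leaves the already-logged timestamps in place; the update to 1.28.62 or later remains the fix.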
Insertion into Log File
Cleartext Storage of Sensitive Information
Affected Products
Brave Browser
Suse