PT-2023-2036 · Gnome+1 · Epiphany+1

Published

2023-02-19

Updated

2025-03-18

CVE-2023-26081

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Epiphany (aka GNOME Web) versions through 43.0

Description The issue allows untrusted web content to trick users into exfiltrating passwords because autofill occurs in sandboxed contexts. This is related to insufficient access control in the Epiphany web browser, which can be exploited by a remote attacker to disclose protected information.

Recommendations For Epiphany (aka GNOME Web) versions through 43.0, consider disabling the autofill feature in sandboxed contexts as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Exposure of Resource to Wrong Sphere

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668CWE-284

Related Identifiers

ALT-PU-2023-1310

BDU:2023-01753

CVE-2023-26081

DLA-3423-1

GHSA-MHHF-W9XW-PP9X

MGASA-2023-0099

OESA-2023-1139

OESA-2023-1175

OPENSUSE-SU-2024:12722-1

ROSA-SA-2024-2330

Affected Products

Debian

Epiphany

PT-2023-2036 · Gnome+1 · Epiphany+1

CVE-2023-26081

Weakness Enumeration

Related Identifiers

Affected Products

References · 40