Vulnerability Description
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Parity | Browser | 1.6.10 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2018/01/10/1 (Exploit, Mailing List, Third Party Advisory)
- https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726 (Patch, Third Party Advisory)
- https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016 (Exploit, Technical Description, Third Party Advisory)
- https://www.exploit-db.com/exploits/43499/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2017-18016?
CVE-2017-18016 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
How severe is CVE-2017-18016?
CVE-2017-18016 has been rated MEDIUM with a CVSS base score of 5.3/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2017-18016?
Check the references section above for vendor advisories and patch information. Affected products include: Parity Browser.