CVE-2017-8458 — MEDIUM (6.5)

Vulnerability Description

Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://[email protected]/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Brave	Brave	0.12.4

Related Weaknesses (CWE)

CWE-74

References

https://github.com/brave/browser-laptop/issues/4748Issue TrackingPatchThird Party Advisory
https://hackerone.com/reports/175529ExploitThird Party AdvisoryVDB Entry
https://github.com/brave/browser-laptop/issues/4748Issue TrackingPatchThird Party Advisory
https://hackerone.com/reports/175529ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2017-8458?

CVE-2017-8458 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://[email protected]/ is displayed without a clear UI indication that it is not a resource on the safe.example...

How severe is CVE-2017-8458?

CVE-2017-8458 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8458?

Check the references section above for vendor advisories and patch information. Affected products include: Brave Brave.