Vulnerability Description
In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opera | Opera Browser | 51.0.2830.55 |
Related Weaknesses (CWE)
References
- https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_Third Party Advisory
- https://github.com/VoidSec/WebRTC-LeakThird Party Advisory
- https://news.ycombinator.com/item?id=16699270Issue Tracking
- https://voidsec.com/vpn-leak/Third Party Advisory
- https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-customersThird Party Advisory
- https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_Third Party Advisory
- https://github.com/VoidSec/WebRTC-LeakThird Party Advisory
- https://news.ycombinator.com/item?id=16699270Issue Tracking
- https://voidsec.com/vpn-leak/Third Party Advisory
- https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-customersThird Party Advisory
FAQ
What is CVE-2018-6608?
CVE-2018-6608 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP add...
How severe is CVE-2018-6608?
CVE-2018-6608 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6608?
Check the references section above for vendor advisories and patch information. Affected products include: Opera Opera Browser.