CVE-2021-22929 — MEDIUM (6.1)

Q: What is CVE-2021-22929?

CVE-2021-22929 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.

Q: How severe is CVE-2021-22929?

CVE-2021-22929 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-22929?

Check the references section above for vendor advisories and patch information. Affected products include: Brave Brave.

Vulnerability Description

An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Brave	Brave	< 1.28.62

Related Weaknesses (CWE)

CWE-532 CWE-312

References

https://hackerone.com/reports/1249056ExploitPatchThird Party Advisory
https://hackerone.com/reports/1249056ExploitPatchThird Party Advisory

FAQ

What is CVE-2021-22929?

CVE-2021-22929 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.

How severe is CVE-2021-22929?

CVE-2021-22929 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-22929?

Check the references section above for vendor advisories and patch information. Affected products include: Brave Brave.