CVE-2023-22798 — MEDIUM (6.1)

Q: How severe is CVE-2023-22798?

CVE-2023-22798 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-22798?

Check the references section above for vendor advisories and patch information. Affected products include: Brave Adblock-Lists.

Vulnerability Description

Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as "debouncing" and is intended to remove unnecessary redirects that track users across the web.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Brave	Adblock-Lists	< 2022-05-25

Related Weaknesses (CWE)

CWE-601

References

https://hackerone.com/reports/1579374ExploitPatchThird Party Advisory
https://hackerone.com/reports/1579374ExploitPatchThird Party Advisory

FAQ

What is CVE-2023-22798?

CVE-2023-22798 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have...

How severe is CVE-2023-22798?

CVE-2023-22798 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-22798?

Check the references section above for vendor advisories and patch information. Affected products include: Brave Adblock-Lists.