Vulnerability Description
Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stellar | Freighter | < 5.3.1 |
Related Weaknesses (CWE)
References
- https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90Patch
- https://github.com/stellar/freighter/pull/948Patch
- https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775wPatchThird Party Advisory
- https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90Patch
- https://github.com/stellar/freighter/pull/948Patch
- https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775wPatchThird Party Advisory
FAQ
What is CVE-2023-40580?
CVE-2023-40580 is a vulnerability with a CVSS score of 8.1 (HIGH). Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access cont...
How severe is CVE-2023-40580?
CVE-2023-40580 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-40580?
Check the references section above for vendor advisories and patch information. Affected products include: Stellar Freighter.