CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.005 Low
Percentile: 75.8%

Severity: High
Date : 2020-02-17
CVE-ID : CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867
CVE-2020-3868
Package : webkit2gtk
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1100

Summary:
The package webkit2gtk before version 2.26.4-1 is vulnerable to
multiple issues including arbitrary code execution, cross-site
scripting, sandbox escape, denial of service and same-origin policy
bypass.

Resolution:
Upgrade to 2.26.4-1.
The problems have been fixed upstream in version 2.26.4.

Workaround:
None.

Description:
- A malicious website may be able to cause a denial of service.
- A DOM object context may not have had a unique security origin.
- A top-level DOM object context may have incorrectly been considered
  secure.
- Processing maliciously crafted web content may lead to universal
  cross-site scripting.
- Processing maliciously crafted web content may lead to arbitrary code
  execution. Credit to Marcin Towalski of Cisco Talos.

Impact:
A remote attacker can bypass security restrictions via universal
cross-site scripting or execute arbitrary code via crafted web content.

References:
https://webkitgtk.org/security/WSA-2020-0002.html
https://security.archlinux.org/CVE-2020-3862
https://security.archlinux.org/CVE-2020-3864
https://security.archlinux.org/CVE-2020-3865
https://security.archlinux.org/CVE-2020-3867
https://security.archlinux.org/CVE-2020-3868

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | webkit2gtk | < 2.26.4-1 | UNKNOWN |