Lucene search

[email protected]CVE-2021-22929

HistoryAug 31, 2021 - 5:15 p.m.

CVE-2021-22929

2021-08-3117:15:07

CWE-532

CWE-312

[email protected]

web.nvd.nist.gov

brave browser

information disclosure

cve-2021-22929

security vulnerability

nvd

v2 onion domains

tor.log

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.

Affected configurations

NVD

Node

bravebraveRange<1.28.62

CPENameOperatorVersion
brave:bravebravelt1.28.62

CPE	Name	Operator	Version
brave:brave	brave	lt	1.28.62

CNA Affected

[
  {
    "product": "https://github.com/brave/brave-core",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "1.28.62"
      }
    ]
  }
]