Lucene search

[email protected]CVE-2021-29978

HistoryAug 05, 2021 - 8:15 p.m.

CVE-2021-29978

2021-08-0520:15:08

[email protected]

web.nvd.nist.gov

483

cve-2021-29978

security audit

mozilla vpn

nvd

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.6%

JSON

Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. This vulnerability affects Mozilla VPN < 2.3.

Affected configurations

Vulners

NVD

Node

mozillamozilla_vpnRange≤2.3

VendorProductVersionCPE
mozillamozilla_vpn*cpe:2.3:a:mozilla:mozilla_vpn:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	mozilla_vpn	*	cpe:2.3:a:mozilla:mozilla_vpn::::::::

CNA Affected

[
  {
    "product": "Mozilla VPN",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "2.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/mozilla-mobile/mozilla-vpn-client/issues/797

github.com/mozilla-mobile/mozilla-vpn-client/issues/798

github.com/mozilla-mobile/mozilla-vpn-client/issues/799

github.com/mozilla-mobile/mozilla-vpn-client/issues/800

github.com/mozilla-mobile/mozilla-vpn-client/issues/801

github.com/mozilla-mobile/mozilla-vpn-client/issues/803

github.com/mozilla-mobile/mozilla-vpn-client/issues/804

github.com/mozilla-mobile/mozilla-vpn-client/issues/805

github.com/mozilla-mobile/mozilla-vpn-client/issues/806

github.com/mozilla-mobile/mozilla-vpn-client/issues/808

github.com/mozilla-mobile/mozilla-vpn-client/issues/809

github.com/mozilla-mobile/mozilla-vpn-client/issues/810

github.com/mozilla-mobile/mozilla-vpn-client/issues/812

github.com/mozilla-mobile/mozilla-vpn-client/pull/816

www.mozilla.org/security/advisories/mfsa2021-31/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for CVE-2021-29978

osv1 prion1 cnvd1 cvelist1 mozilla1 nvd1