CVE-2023-28364

2023-07-0100:15:10

CWE-601

[email protected]

web.nvd.nist.gov

brave browser

android

open redirect

cve-2023-28364

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.

Affected configurations

NVD

Node

bravebrowserRange<1.52.117

CPENameOperatorVersion
brave:browserbrave browserlt1.52.117

CPE	Name	Operator	Version
brave:browser	brave browser	lt	1.52.117

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Brave Software",
    "product": "Brave Browser Android",
    "versions": [
      {
        "version": "1.52.117",
        "status": "affected",
        "lessThan": "1.52.117",
        "versionType": "semver"
      }
    ]
  }
]