Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistHackeroneCVELIST:CVE-2020-8276
HistoryNov 09, 2020 - 2:05 p.m.

CVE-2020-8276

2020-11-0914:05:23
CWE-312
hackerone
www.cve.org

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The implementation of Brave Desktop’s privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave’s server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window.

CNA Affected

[
  {
    "product": "https://github.com/brave/brave-core",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "v1.18.35"
      }
    ]
  }
]

Related

nvd 1
hackerone 1
osv 1
cve 1
prion 1
nvd
nvd
CVE-2020-8276
2020-11-09 15:15:13
hackerone
hackerone
Brave Software: Brave Browser potentially logs the last time a Tor window was used
2020-11-02 17:48:48
osv
osv
CVE-2020-8276
2020-11-09 15:15:13
cve
cve
CVE-2020-8276
2020-11-09 15:15:13
prion
prion
Information disclosure
2020-11-09 15:15:00

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVELIST:CVE-2020-8276
nvd1hackerone1osv1cve1prion1