Lucene search

NvidiaCVELIST:CVE-2023-25524

HistoryAug 03, 2023 - 4:34 p.m.

CVE-2023-25524

2023-08-0316:34:47

CWE-598

nvidia

www.cve.org

nvidia

omniverse

workstation

windows

linux

authentication

vulnerability

browser

address bar

impersonate

exploit

information disclosure

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

27.8%

JSON

NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user’s address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Omniverse Workstation Launcher",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "\t1.8.7 and prior versions"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5472

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

27.8%

JSON

Related for CVELIST:CVE-2023-25524