Lucene search

[email protected]NVD:CVE-2023-22798

HistoryFeb 09, 2023 - 8:15 p.m.

CVE-2023-22798

2023-02-0920:15:11

CWE-601

[email protected]

web.nvd.nist.gov

adblock-lists

facebook

redirect interceptors

open redirects

debouncing

security feature

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

40.7%

JSON

Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave’s redirect interceptor removal feature is known as “debouncing” and is intended to remove unnecessary redirects that track users across the web.

Affected configurations

Nvd

Node

braveadblock-listsRange<2022-05-25

VendorProductVersionCPE
braveadblock-lists*cpe:2.3:a:brave:adblock-lists:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
brave	adblock-lists	*	cpe:2.3:a:brave:adblock-lists::::::::

References

hackerone.com/reports/1579374

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

40.7%

JSON

Related for NVD:CVE-2023-22798

cve1 hackerone1 prion1 cvelist1