Lucene search

[email protected]NVD:CVE-2023-25524

HistoryAug 03, 2023 - 5:15 p.m.

CVE-2023-25524

2023-08-0317:15:11

CWE-598

[email protected]

web.nvd.nist.gov

nvidia

omniverse

workstation

launcher

authentication

vulnerability

windows

linux

access token

browser

address bar

attacker

impersonate

resources

information disclosure

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

27.8%

JSON

NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user’s address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.

Affected configurations

Nvd

Node

nvidiaomniverse_launcherRange<1.8.11linux

nvidiaomniverse_launcherRange<1.8.11windows

VendorProductVersionCPE
nvidiaomniverse_launcher*cpe:2.3:a:nvidia:omniverse_launcher:*:*:*:*:*:linux:*:*
nvidiaomniverse_launcher*cpe:2.3:a:nvidia:omniverse_launcher:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
nvidia	omniverse_launcher	*	cpe:2.3:a:nvidia:omniverse_launcher::::::linux::*
nvidia	omniverse_launcher	*	cpe:2.3:a:nvidia:omniverse_launcher::::::windows::*

References

nvidia.custhelp.com/app/answers/detail/a_id/5472

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

27.8%

JSON

Related for NVD:CVE-2023-25524

cvelist1 cve1 nvidia1 prion1