Lucene search

[email protected]NVD:CVE-2024-25677

HistoryFeb 09, 2024 - 9:15 a.m.

CVE-2024-25677

2024-02-0909:15:08

[email protected]

web.nvd.nist.gov

min browser

local files

security origin

vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.

Affected configurations

Nvd

Node

minbrowserminMatch1.29.0

VendorProductVersionCPE
minbrowsermin1.29.0cpe:2.3:a:minbrowser:min:1.29.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
minbrowser	min	1.29.0	cpe:2.3:a:minbrowser:min:1.29.0:::::::*

References

github.com/minbrowser/min/security/advisories/GHSA-4w9v-7h8h-rv8x

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

Related for NVD:CVE-2024-25677

cvelist1 vulnrichment1 prion1 cve1