Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42519
HistoryAug 06, 2023 - 11:40 p.m.

Man-in-the-Middle (MitM)

2023-08-0623:40:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
chromium
omnibox
vulnerable
man-in-the-middle
attack
software

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

28.4%

chromium is vulnerable to Man-in-the-Middle (MitM). The vulnerability exists due to the inappropriate implementation in Omnibox of the library, which allows an attacker in privileged network position to perform a man-in-the-middle attack via malicious network traffic.

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

28.4%