Lucene search

NvidiaVULNRICHMENT:CVE-2024-0098

HistoryMay 09, 2024 - 10:16 p.m.

CVE-2024-0098 CVE

2024-05-0922:16:43

CWE-319

nvidia

github.com

nvidia

chatrtx

windows

vulnerability

backend

transmission

sensitive information

exploit

disclosure

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing. A successful exploit of this vulnerability might lead to information disclosure.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*"
    ],
    "vendor": "nvidia",
    "product": "chatrtx",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "0.2.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5533

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-0098