FKIE_CVE-2018-6051

Vulnerability from fkie_nvd - Published: 2018-09-25 14:29 - Updated: 2024-11-21 04:09
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
References
chrome-cve-admin@google.comhttp://www.securityfocus.com/bid/102797
chrome-cve-admin@google.comhttp://www.securitytracker.com/id/1040282
chrome-cve-admin@google.comhttps://access.redhat.com/errata/RHSA-2018:0265
chrome-cve-admin@google.comhttps://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
chrome-cve-admin@google.comhttps://crbug.com/441275
chrome-cve-admin@google.comhttps://www.debian.org/security/2018/dsa-4103
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102797
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040282
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0265
af854a3a-2127-422b-91ae-364da2661108https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
af854a3a-2127-422b-91ae-364da2661108https://crbug.com/441275
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4103
Impacted products
Vendor Product Version
google chrome *
debian debian_linux 8.0
debian debian_linux 9.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA764B9B-8048-4775-A9F7-3DD41AA467A7",
              "versionEndExcluding": "64.0.3282.119",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page."
    },
    {
      "lang": "es",
      "value": "XSS Auditor en Google Chrome en versiones anteriores a la 64.0.3282.119 no asegur\u00f3 que la URL de reporte estaba en el mismo origen que la p\u00e1gina en la que estaba, lo que permit\u00eda que un atacante remoto obtuviese detalles de referrer mediante una p\u00e1gina HTML manipulada."
    }
  ],
  "id": "CVE-2018-6051",
  "lastModified": "2024-11-21T04:09:57.887",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-25T14:29:03.523",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.securityfocus.com/bid/102797"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.securitytracker.com/id/1040282"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:0265"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://crbug.com/441275"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://www.debian.org/security/2018/dsa-4103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/102797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1040282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:0265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://crbug.com/441275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2018/dsa-4103"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.