Main Vulnerability Database Vulnerabilities #VU23362

#VU23362 Origin validation error in WebKitGTK+ and WPE WebKit - CVE-2019-8515

Published: December 3, 2019

Vulnerability identifier: #VU23362

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-8515

CWE-ID: CWE-346

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
WebKitGTK+
WPE WebKit

Software vendor:
WebKitGTK

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the affected software does not properly verify that the source of data or communication is valid when processing maliciously crafted web content. A remote attacker can disclose sensitive user information from another domain.

Remediation

Install updates from vendor's website.

External links

https://webkitgtk.org/security/WSA-2019-0002.html

#VU23362 Origin validation error in WebKitGTK+ and WPE WebKit - CVE-2019-8515

Description

Remediation

External links

Please verify you're human