Main Vulnerability Database Vulnerabilities #VU23362

Origin validation error in WebKitGTK+ and WPE WebKit - CVE-2019-8515

Published: December 3, 2019

Vulnerability identifier: #VU23362

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-8515

CWE-ID: CWE-346

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: WebKitGTK

Affected software:
WebKitGTK+
WPE WebKit

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the affected software does not properly verify that the source of data or communication is valid when processing maliciously crafted web content. A remote attacker can disclose sensitive user information from another domain.

How to mitigate CVE-2019-8515

Install updates from vendor's website.

Sources

https://webkitgtk.org/security/WSA-2019-0002.html

Origin validation error in WebKitGTK+ and WPE WebKit - CVE-2019-8515

Detailed vulnerability description

How to mitigate CVE-2019-8515

Sources

Please verify you're human