Main Vulnerability Database Vulnerabilities #VU51625

#VU51625 Incomplete cleanup in WebKitGTK+ and WPE WebKit - CVE-2020-29623

Published: March 22, 2021

Vulnerability identifier: #VU51625

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-29623

CWE-ID: CWE-459

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
WebKitGTK+
WPE WebKit

Software vendor:
WebKitGTK

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to software fails to to fully delete browsing history under certain circumstances via the “Clear History and Website Data” option. An attacker with access to the system can obtain browsing data after cleanup.

Remediation

Install updates from vendor's website.

External links

https://webkitgtk.org/security/WSA-2021-0002.html

#VU51625 Incomplete cleanup in WebKitGTK+ and WPE WebKit - CVE-2020-29623

Description

Remediation

External links

Please verify you're human