Main Vulnerability Database Vulnerabilities #VU51625

Incomplete cleanup in WebKitGTK+ and WPE WebKit - CVE-2020-29623

Published: March 22, 2021

Vulnerability identifier: #VU51625

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-29623

CWE-ID: CWE-459

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: WebKitGTK

Affected software:
WebKitGTK+
WPE WebKit

Detailed vulnerability description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to software fails to to fully delete browsing history under certain circumstances via the “Clear History and Website Data” option. An attacker with access to the system can obtain browsing data after cleanup.

How to mitigate CVE-2020-29623

Install updates from vendor's website.

Sources

https://webkitgtk.org/security/WSA-2021-0002.html

Incomplete cleanup in WebKitGTK+ and WPE WebKit - CVE-2020-29623

Detailed vulnerability description

How to mitigate CVE-2020-29623

Sources

Please verify you're human