#VU51625 Incomplete cleanup


Published: 2021-03-22

Vulnerability identifier: #VU51625

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-29623

CWE-ID: CWE-459

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
WebKitGTK+
Server applications / Frameworks for developing and running applications
WPE WebKit
Server applications / Frameworks for developing and running applications

Vendor: WebKitGTK
WPE WebKit

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to software fails to to fully delete browsing history under certain circumstances via the “Clear History and Website Data” option. An attacker with access to the system can obtain browsing data after cleanup.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.0.0 - 2.31.90

WPE WebKit: 2.19.93 - 2.31.90


CPE

External links
http://webkitgtk.org/security/WSA-2021-0002.html


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability