5.3
CVE-2023-25524
- EPSS 0.15%
- Veröffentlicht 03.08.2023 17:15:11
- Zuletzt bearbeitet 21.11.2024 07:49:40
- Quelle psirt@nvidia.com
- CVE-Watchlists
- Unerledigt
LoginNVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nvidia ≫ Omniverse Launcher SwPlatformlinux Version < 1.8.11
Nvidia ≫ Omniverse Launcher SwPlatformwindows Version < 1.8.11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.365 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| psirt@nvidia.com | 4 | 2.5 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-598 Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.