CVE-2023-28360

EPSS 0.12%
Veröffentlicht 11.05.2023 22:15:10
Zuletzt bearbeitet 27.01.2025 17:15:12
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Brave ≫ Brave Version < 1.48.171

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.318

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-223 Omission of Security-relevant Information

The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.

https://hackerone.com/reports/1848062

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-28360

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28360

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28360

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-28360