Auto-merge PR#2107

2025-08-04 08:44:25 +00:00 · 2021-06-25 15:25:16 -04:00 · 2021-06-25 15:25:16 -04:00 · ee5a5a707c
commit ee5a5a707c
parent 50ba6fd6b5 ee976320fe
1 changed files with 77 additions and 6 deletions
--- a/2021/1xxx/CVE-2021-1073.json
+++ b/2021/1xxx/CVE-2021-1073.json
@ -1,18 +1,89 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "psirt@nvidia.com",
        "ID": "CVE-2021-1073",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "NVIDIA GeForce Experience Software",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "All versions prior to 3.23"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "NVIDIA"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng"
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session. Such an attack may lead to these targeted users' data being accessed, altered, or lost."
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "HIGH",
+            "baseScore": 8.3,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "NONE",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "denial of service, information disclosure, or data loss"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199",
+                "refsource": "CONFIRM",
+                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5199"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "UNKNOWN"
    }
 }