nvd-json-data-feeds/CVE-2022/CVE-2022-240xx/CVE-2022-24075.json

{
  "id": "CVE-2022-24075",
  "sourceIdentifier": "cve@navercorp.com",
  "published": "2022-03-17T06:15:06.950",
  "lastModified": "2024-11-21T06:49:46.480",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."
    },
    {
      "lang": "es",
      "value": "Whale browser versiones anteriores a 3.12.129.18, permit\u00eda que las extensiones sustituyeran a archivos JavaScript del sitio web del visualizador de HWP que pod\u00edan acceder a archivos locales de HWP. Cuando eran abiertos archivos HWP, el script sustituido pod\u00eda leer los archivos"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "baseScore": 4.3,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cve@navercorp.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "3.12.129.18",
              "matchCriteriaId": "47138F1B-655D-4459-905C-7BFA3A326DC5"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://cve.naver.com/detail/cve-2022-24075",
      "source": "cve@navercorp.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://cve.naver.com/detail/cve-2022-24075",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}