admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-299xx/CVE-2021-29974.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

143 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-29974",
"sourceIdentifier": "security@mozilla.org",
"published": "2021-08-05T20:15:08.697",
"lastModified": "2024-11-21T06:02:05.647",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90."
},
{
"lang": "es",
"value": "Cuando se habilitaba la partici\u00f3n de la red, por ejemplo, como resultado de la configuraci\u00f3n de la Protecci\u00f3n de Seguimiento Mejorada, una p\u00e1gina de error TLS permit\u00eda al usuario anular un error en un dominio que hab\u00eda especificado Seguridad de Transporte Estricta HTTP (que implica que el error no deber\u00eda poder anularse). Esta vulnerabilidad afecta a Firefox versiones anteriores a 90"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"baseScore": 2.6,
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "90.0",
"matchCriteriaId": "FA0BA5A6-A40E-418E-A536-9A14711264B7"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1704843",
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202202-03",
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1704843",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202202-03",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink