admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2016/CVE-2016-16xx/CVE-2016-1658.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

218 lines
6.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2016-1658",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2016-04-18T10:59:07.077",
"lastModified": "2024-11-21T02:46:49.973",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension."
},
{
"lang": "es",
"value": "El subsistema Extensions en Google Chrome en versiones anteriores a 50.0.2661.75 conf\u00eda incorrectamente en llamadas al m\u00e9todo GetOrigin para comparaciones de origen, lo que permite a atacantes remotos eludir la Same Origin Policy y obtener informaci\u00f3n sensible a trav\u00e9s de una extensi\u00f3n manipulada."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"baseScore": 4.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*",
"matchCriteriaId": "B5BEF8F1-A70F-455C-BFDD-09E0A658F702"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndIncluding": "49.0.2623.112",
"matchCriteriaId": "981F5F4F-C676-41B5-9936-E018E5C0E493"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
}
]
}
]
}
],
"references": [
{
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://www.debian.org/security/2016/dsa-3549",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://codereview.chromium.org/1658913002",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/573317",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://security.gentoo.org/glsa/201605-02",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.debian.org/security/2016/dsa-3549",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://codereview.chromium.org/1658913002",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://crbug.com/573317",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://security.gentoo.org/glsa/201605-02",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink