{"containers": {"cna": {"affected": [{"product": "Chrome", "vendor": "Google", "versions": [{"lessThan": "85.0.4183.102", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering."}], "problemTypes": [{"descriptions": [{"description": "Insufficient policy enforcement", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-26T02:06:41", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://crbug.com/1122684"}, {"tags": ["x_refsource_MISC"], "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"}, {"name": "openSUSE-SU-2020:1499", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"}, {"name": "openSUSE-SU-2020:1510", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"}, {"name": "openSUSE-SU-2020:1514", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"}, {"name": "FEDORA-2020-2d994b986d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"}, {"name": "FEDORA-2020-aea86f913e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"}, {"name": "openSUSE-SU-2020:1713", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"}, {"name": "DSA-4824", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4824"}, {"name": "GLSA-202101-30", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202101-30"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2020-15959", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Chrome", "version": {"version_data": [{"version_affected": "<", "version_value": "85.0.4183.102"}]}}]}, "vendor_name": "Google"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient policy enforcement"}]}]}, "references": {"reference_data": [{"name": "https://crbug.com/1122684", "refsource": "MISC", "url": "https://crbug.com/1122684"}, {"name": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"}, {"name": "openSUSE-SU-2020:1499", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"}, {"name": "openSUSE-SU-2020:1510", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"}, {"name": "openSUSE-SU-2020:1514", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"}, {"name": "FEDORA-2020-2d994b986d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"}, {"name": "FEDORA-2020-aea86f913e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"}, {"name": "openSUSE-SU-2020:1713", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"}, {"name": "DSA-4824", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4824"}, {"name": "GLSA-202101-30", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202101-30"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:30:23.418Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://crbug.com/1122684"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"}, {"name": "openSUSE-SU-2020:1499", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"}, {"name": "openSUSE-SU-2020:1510", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"}, {"name": "openSUSE-SU-2020:1514", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"}, {"name": "FEDORA-2020-2d994b986d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"}, {"name": "FEDORA-2020-aea86f913e", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"}, {"name": "openSUSE-SU-2020:1713", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"}, {"name": "DSA-4824", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4824"}, {"name": "GLSA-202101-30", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202101-30"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2020-15959", "datePublished": "2020-09-21T19:06:34", "dateReserved": "2020-07-27T00:00:00", "dateUpdated": "2024-08-04T13:30:23.418Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B868C33-2887-4961-B741-53FF4A2CD63A", "versionEndExcluding": "85.0.4183.102", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true}, {"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering."}, {"lang": "es", "value": "Una aplicaci\u00f3n insuficiente de la pol\u00edtica en networking en Google Chrome versiones anteriores a 85.0.4183.102, permit\u00eda a un atacante que convenci\u00f3 al usuario de habilitar el registro para obtener informaci\u00f3n potencialmente confidencial de la memoria del proceso por medio de ingenier\u00eda social"}], "id": "CVE-2020-15959", "lastModified": "2023-11-07T03:17:57.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-21T20:15:12.617", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://crbug.com/1122684"}, {"source": "chrome-cve-admin@google.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/"}, {"source": "chrome-cve-admin@google.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202101-30"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4824"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:3740", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "chromium-browser-0:85.0.4183.102-1.el6_10", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2020-09-14T00:00:00Z"}], "bugzilla": {"description": "chromium-browser: Insufficient policy enforcement in networking", "id": "1877095", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877095"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering."], "name": "CVE-2020-15959", "public_date": "2020-09-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-15959\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15959\nhttps://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"], "threat_severity": "Important", "upstream_fix": "chromium-browser 85.0.4183.102"}