OpenCVE

NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Nvidia	Omniverse Launcher

Configuration 1 [-]

OR	cpe:2.3:a:nvidia:omniverse_launcher::::::linux::*
	cpe:2.3:a:nvidia:omniverse_launcher::::::windows::*

No data.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5472

History

Wed, 09 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2023-08-03T16:34:47.809Z

Updated: 2024-10-09T20:26:41.730Z

Reserved: 2023-02-07T02:57:17.086Z

Link: CVE-2023-25524

Vulnrichment

Updated: 2024-08-02T11:25:19.194Z

NVD

Status : Analyzed

Published: 2023-08-03T17:15:11.527

Modified: 2023-08-08T19:58:23.307

Link: CVE-2023-25524

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25524", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2023-02-07T02:57:17.086Z", "datePublished": "2023-08-03T16:34:47.809Z", "dateUpdated": "2024-10-09T20:26:41.730Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Omniverse Workstation Launcher", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "\t1.8.7 and prior versions"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user\u2019s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.</span>\n\n"}], "value": "\nNVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user\u2019s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.\n\n"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Information Disclosure"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-598", "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2023-08-03T16:34:47.809Z"}, "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5472"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.194Z"}, "title": "CVE Program Container", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5472", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-09T19:35:56.902537Z", "id": "CVE-2023-25524", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T20:26:41.730Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5472", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.194Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25524", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-09T19:35:56.902537Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T20:11:31.472Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Information Disclosure"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "Omniverse Workstation Launcher", "versions": [{"status": "affected", "version": "\t1.8.7 and prior versions"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5472"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nNVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user\u2019s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user\u2019s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-598", "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2023-08-03T16:34:47.809Z"}}}, "cveMetadata": {"cveId": "CVE-2023-25524", "state": "PUBLISHED", "dateUpdated": "2024-10-09T20:26:41.730Z", "dateReserved": "2023-02-07T02:57:17.086Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2023-08-03T16:34:47.809Z", "assignerShortName": "nvidia"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:omniverse_launcher:*:*:*:*:*:linux:*:*", "matchCriteriaId": "9E933DC3-BFB5-47F3-A647-D5DFCBAC90A9", "versionEndExcluding": "1.8.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:omniverse_launcher:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9561A084-D076-4399-953A-3A14DA2A54CB", "versionEndExcluding": "1.8.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nNVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user\u2019s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.\n\n"}], "id": "CVE-2023-25524", "lastModified": "2023-08-08T19:58:23.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2023-08-03T17:15:11.527", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5472"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-598"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}