OpenCVE

Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Brave	Browser

Configuration 1 [-]

cpe:2.3:a:brave:browser:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/brave/brave-browser/issues/32449
https://github.com/brave/brave-browser/issues/32473
https://github.com/brave/brave-core/pull/19820
https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-30T00:00:00

Updated: 2024-08-02T22:55:41.626Z

Reserved: 2023-12-30T00:00:00

Link: CVE-2023-52263

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-30T19:15:08.253

Modified: 2024-11-21T08:39:28.927

Link: CVE-2023-52263

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brave:browser:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA80DCA2-44C6-45ED-BED6-A34F25D2A86D", "versionEndExcluding": "1.59.40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc."}, {"lang": "es", "value": "Brave Browser anterior a 1.59.40 no restringe adecuadamente el esquema para la f\u00e1brica WebUI y la redirecci\u00f3n. Esto est\u00e1 relacionado con browser/brave_content_browser_client.cc y browser/ui/webui/brave_web_ui_controller_factory.cc."}], "id": "CVE-2023-52263", "lastModified": "2024-11-21T08:39:28.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-30T19:15:08.253", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/brave/brave-browser/issues/32449"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/brave/brave-browser/issues/32473"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/brave/brave-core/pull/19820"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/brave/brave-browser/issues/32449"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/brave/brave-browser/issues/32473"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/brave/brave-core/pull/19820"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}