Vulnerability-Lookup

CVE-2021-23968 (GCVE-0-2021-23968)

Vulnerability from cvelistv5 – Published: 2021-02-26 01:59 – Updated: 2024-08-03 19:14

Summary

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Severity ?

No CVSS data available.

CWE

Content Security Policy violation report could have contained the destination of a redirect

Assigner

mozilla

References

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
	https://bugzilla.mozilla.org/show_bug.cgi?id=1687342	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2021/dsa-4866	vendor-advisoryx_refsource_DEBIAN
	https://security.gentoo.org/glsa/202104-10	vendor-advisoryx_refsource_GENTOO
	https://security.gentoo.org/glsa/202104-09	vendor-advisoryx_refsource_GENTOO

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Affected: < 86

	Mozilla	Thunderbird	Affected: < 78.8
	Mozilla	Firefox ESR	Affected: < 78.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:09.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1687342"
          },
          {
            "name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
          },
          {
            "name": "DSA-4866",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4866"
          },
          {
            "name": "GLSA-202104-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-10"
          },
          {
            "name": "GLSA-202104-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-09"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 86"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 78.8"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 78.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Content Security Policy violation report could have contained the destination of a redirect",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-01T01:08:19.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1687342"
        },
        {
          "name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
        },
        {
          "name": "DSA-4866",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4866"
        },
        {
          "name": "GLSA-202104-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-10"
        },
        {
          "name": "GLSA-202104-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-09"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-23968",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 86"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 78.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 78.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Content Security Policy violation report could have contained the destination of a redirect"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-07/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-09/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-08/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1687342",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1687342"
            },
            {
              "name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
            },
            {
              "name": "DSA-4866",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4866"
            },
            {
              "name": "GLSA-202104-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-10"
            },
            {
              "name": "GLSA-202104-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-09"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-23968",
    "datePublished": "2021-02-26T01:59:36.000Z",
    "dateReserved": "2021-01-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:14:09.815Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2021-AVI-143

Vulnerability from certfr_avis - Published: 2021-02-24 - Updated: 2021-02-24

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox ESR versions antérieures à 78.8
	Mozilla	Firefox	Firefox versions antérieures à 86

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2021-07 du 23 février 2021	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2021-08 du 23 février 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 78.8",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 86",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23970"
    },
    {
      "name": "CVE-2021-23977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23977"
    },
    {
      "name": "CVE-2021-23976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23976"
    },
    {
      "name": "CVE-2021-23975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23975"
    },
    {
      "name": "CVE-2021-23979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23979"
    },
    {
      "name": "CVE-2021-23974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23974"
    },
    {
      "name": "CVE-2021-23973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
    },
    {
      "name": "CVE-2021-23971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23971"
    },
    {
      "name": "CVE-2021-23968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
    },
    {
      "name": "CVE-2020-26954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26954"
    },
    {
      "name": "CVE-2021-23969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
    },
    {
      "name": "CVE-2021-23972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23972"
    },
    {
      "name": "CVE-2021-23978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
    }
  ],
  "initial_release_date": "2021-02-24T00:00:00",
  "last_revision_date": "2021-02-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-143",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-07 du 23 f\u00e9vrier 2021",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-08 du 23 f\u00e9vrier 2021",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/"
    }
  ]
}

CERTFR-2021-AVI-144

Vulnerability from certfr_avis - Published: 2021-02-24 - Updated: 2021-03-01

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 78.8

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2021-09 du 23 février 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 78.8",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
    },
    {
      "name": "CVE-2021-23968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
    },
    {
      "name": "CVE-2021-23969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
    },
    {
      "name": "CVE-2021-23978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
    }
  ],
  "initial_release_date": "2021-02-24T00:00:00",
  "last_revision_date": "2021-03-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-144",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-24T00:00:00.000000"
    },
    {
      "description": "Correction du bulletin de s\u00e9curit\u00e9 Mozilla.",
      "revision_date": "2021-03-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-09 du 23 f\u00e9vrier 2021",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/"
    }
  ]
}

CNVD-2021-15357

Vulnerability from cnvd - Published: 2021-03-08

Title

Mozilla Firefox存在未明漏洞（CNVD-2021-15357）

Description

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 中存在安全漏洞。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Mozilla Firefox存在未明漏洞（CNVD-2021-15357）的补丁

Patch Description

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 中存在安全漏洞。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/

Reference

https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html

Impacted products

Name
['Mozilla Firefox <86', 'Mozilla Thunderbird <78.8', 'Mozilla Firefox ESR <78.8']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-23968",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
    }
  },
  "description": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\n\nMozilla Firefox \u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-09/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-15357",
  "openTime": "2021-03-08",
  "patchDescription": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMozilla Firefox \u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-15357\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c86",
      "Mozilla Thunderbird \u003c78.8",
      "Mozilla Firefox ESR \u003c78.8"
    ]
  },
  "referenceLink": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html",
  "serverity": "\u4e2d",
  "submitTime": "2021-03-05",
  "title": "Mozilla Firefox\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-15357\uff09"
}

FKIE_CVE-2021-23968

Vulnerability from fkie_nvd - Published: 2021-02-26 02:15 - Updated: 2024-11-21 05:52

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1687342	Issue Tracking, Permissions Required, Vendor Advisory
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html	Mailing List, Third Party Advisory
security@mozilla.org	https://security.gentoo.org/glsa/202104-09	Third Party Advisory
security@mozilla.org	https://security.gentoo.org/glsa/202104-10	Third Party Advisory
security@mozilla.org	https://www.debian.org/security/2021/dsa-4866	Third Party Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2021-07/	Release Notes, Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2021-08/	Release Notes, Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2021-09/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1687342	Issue Tracking, Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202104-09	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202104-10	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4866	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2021-07/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2021-08/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2021-09/	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox_esr	*
mozilla	thunderbird	*
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89580DC6-183F-46F0-A27E-4E16D6B10EB6",
              "versionEndExcluding": "86.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A523AED-F145-4D51-BF78-95B61B8A0B34",
              "versionEndExcluding": "78.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ABA16AF-38C2-4445-B41F-9228C97A89C1",
              "versionEndExcluding": "78.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8."
    },
    {
      "lang": "es",
      "value": "Si la Pol\u00edtica de Seguridad de Contenido bloqueaba la navegaci\u00f3n de tramas, el destino completo de un redireccionamiento servido en la trama se reportaba en el informe de infracci\u00f3n;\u0026#xa0;a diferencia del URI de la trama original.\u0026#xa0;Esto podr\u00eda ser usado para filtrar informaci\u00f3n confidencial contenida en dichos URI.\u0026#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 86, Thunderbird versiones anteriores a 78,8 y Firefox ESR versiones anteriores a 78,8"
    }
  ],
  "id": "CVE-2021-23968",
  "lastModified": "2024-11-21T05:52:07.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-26T02:15:12.820",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1687342"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202104-09"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202104-10"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4866"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1687342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202104-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202104-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-94JC-V9RF-W32J

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-28 00:00

Details

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-23968"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-26T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
  "id": "GHSA-94jc-v9rf-w32j",
  "modified": "2022-05-28T00:00:23Z",
  "published": "2022-05-24T17:43:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1687342"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202104-09"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202104-10"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4866"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-07"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-08"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-09"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-23968

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-23968

Aliases

CVE-2021-23968

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-23968",
    "description": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
    "id": "GSD-2021-23968",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-23968.html",
      "https://www.debian.org/security/2021/dsa-4866",
      "https://www.debian.org/security/2021/dsa-4862",
      "https://access.redhat.com/errata/RHSA-2021:0662",
      "https://access.redhat.com/errata/RHSA-2021:0661",
      "https://access.redhat.com/errata/RHSA-2021:0660",
      "https://access.redhat.com/errata/RHSA-2021:0659",
      "https://access.redhat.com/errata/RHSA-2021:0658",
      "https://access.redhat.com/errata/RHSA-2021:0657",
      "https://access.redhat.com/errata/RHSA-2021:0656",
      "https://access.redhat.com/errata/RHSA-2021:0655",
      "https://ubuntu.com/security/CVE-2021-23968",
      "https://advisories.mageia.org/CVE-2021-23968.html",
      "https://security.archlinux.org/CVE-2021-23968",
      "https://linux.oracle.com/cve/CVE-2021-23968.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-23968"
      ],
      "details": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
      "id": "GSD-2021-23968",
      "modified": "2023-12-13T01:23:29.762147Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2021-23968",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 86"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 78.8"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 78.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Content Security Policy violation report could have contained the destination of a redirect"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2021-07/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2021-09/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2021-08/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1687342",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1687342"
          },
          {
            "name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
          },
          {
            "name": "DSA-4866",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2021/dsa-4866"
          },
          {
            "name": "GLSA-202104-10",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202104-10"
          },
          {
            "name": "GLSA-202104-09",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202104-09"
          }
        ]
      }
    },
    "mozilla.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2021-23968"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "78.8"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "86"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "78.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox ESR \u003c 78.8, Firefox \u003c 86, and Thunderbird \u003c 78.8."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Content Security Policy violation report could have contained the destination of a redirect"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1687342"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "86.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "78.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "78.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2021-23968"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-209"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1687342",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1687342"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-08/",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-09/",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2021-07/",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
            },
            {
              "name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
            },
            {
              "name": "DSA-4866",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4866"
            },
            {
              "name": "GLSA-202104-09",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202104-09"
            },
            {
              "name": "GLSA-202104-10",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202104-10"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-05-27T17:57Z",
      "publishedDate": "2021-02-26T02:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-23968 (GCVE-0-2021-23968)

CERTFR-2021-AVI-143

Solution

CERTFR-2021-AVI-144

Solution

CNVD-2021-15357

FKIE_CVE-2021-23968

GHSA-94JC-V9RF-W32J

GSD-2021-23968

Tags

Sightings

Nomenclature