CVE-2018-11713: Sensitive Information Exposure in Libsoup

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.6% (top 31.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 4
Latest update: May 13

Description

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: gnome/libsoup < 2.62.0
NVD: webkitgtk/webkitgtk < 2.20.0

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-q6g9-cxvx-7pq9: WebCore/platform/network/soup/SocketStreamHandleImplSoup (2022-05-13)
CVEList
CVE-2018-11713: WebCore/platform/network/soup/SocketStreamHandleImplSoup (2018-06-04)
OSV
CVE-2018-11713: WebCore/platform/network/soup/SocketStreamHandleImplSoup (2018-06-04)

📋 Vendor Advisories (2)

Red Hat
webkitgtk: WebSockets don't use system proxy settings (2018-06-07)
Debian
CVE-2018-11713: webkit2gtk - WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup netw... (2018)

💬 Community (7)

Bugzilla
CVE-2018-11713 webkitgtk: WebSockets don't use system proxy settings [fedora-all] (2018-06-07)
Bugzilla
CVE-2018-11713 mingw-webkitgtk3: webkitgtk: WebSockets don't use system proxy settings [fedora-all] (2018-06-07)
Bugzilla
CVE-2018-11713 webkitgtk: WebSockets don't use system proxy settings (2018-06-07)
Bugzilla
CVE-2018-11713 webkit2gtk3: webkitgtk: WebSockets don't use system proxy settings [fedora-28] (2018-06-07)
Bugzilla
CVE-2018-11713 webkitgtk: WebSockets don't use system proxy settings [epel-all] (2018-06-07)
CVE-2018-11713 — Sensitive Information Exposure | cvebase