CVE-2021-1073 — Resource Exposure in Nvidia Geforce Experience

CWE-668 — Resource Exposure3 documents3 sources

Severity

8.3HIGHNVD

EPSS

0.3%

top 45.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Geforce Experience Nvidia Geforce Experience Software

Timeline

PublishedJun 25

Latest updateMay 24

Description

NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.6 | Impact: 6.0

Affected Packages2 packages

▶NVDnvidia/geforce_experience< 3.23

▶CVEListV5nvidia/nvidia_geforce_experience_softwareAll versions prior to 3.23

🔴Vulnerability Details

GHSA

GHSA-4wh7-mq9j-whxw: NVIDIA GeForce Experience, all versions prior to 3↗2022-05-24

▶

CVEList

CVE-2021-1073: NVIDIA GeForce Experience, all versions prior to 3↗2021-06-25

▶