CVE-2023-26081 — Resource Exposure in Epiphany

CWE-668 — Resource Exposure5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 60.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Epiphany Fedoraproject Fedora

Timeline

PublishedFeb 20

Description

In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDgnome/epiphany< 43.1

Also affects: Fedora 37

Patches

Patch: gitlab.gnome.org ↗Patch: gitlab.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-cw64-pq7m-342r: In Epiphany (aka GNOME Web) through 43↗2023-02-20

▶

CVEList

CVE-2023-26081: In Epiphany (aka GNOME Web) through 43↗2023-02-20

▶

OSV

CVE-2023-26081: In Epiphany (aka GNOME Web) through 43↗2023-02-20

▶

📋Vendor Advisories

Debian

CVE-2023-26081: epiphany-browser - In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users ...↗2023

▶