CVE-2024-20837Samsung Internet vulnerability

3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 75.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Internet
Timeline
PublishedMar 5

Description

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages1 packages

NVDsamsung/internet< 24.0.0.41

🔴Vulnerability Details

2
GHSA
GHSA-w8qw-8xxw-qff9: Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 242024-03-05
CVEList
CVE-2024-20837: Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 242024-03-05
CVE-2024-20837 — Samsung Internet vulnerability | cvebase