Refine your search
1 vulnerability found for Android Browser by Brave
CVE-2024-37406 (GCVE-0-2024-37406)
Vulnerability from cvelistv5
Published
2024-09-18 21:54
Modified
2024-09-19 13:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brave | Android Browser |
Version: 1.67.116 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:brave:android_browser:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android_browser",
"vendor": "brave",
"versions": [
{
"lessThan": "1.67.116",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37406",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T13:34:45.822262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:45:15.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android Browser",
"vendor": "Brave",
"versions": [
{
"lessThan": "1.67.116",
"status": "affected",
"version": "1.67.116",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion."
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:54:09.120Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/2501378"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-37406",
"datePublished": "2024-09-18T21:54:09.120Z",
"dateReserved": "2024-06-08T01:04:07.093Z",
"dateUpdated": "2024-09-19T13:45:15.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}