{"vulnerability": "CVE-2020-8276", "sightings": [{"uuid": "2521c091-fc3c-43e0-b438-b9de3d14ac26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8276", "type": "seen", "source": "https://t.me/cKure/2709", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 TOR vulnerability in Brave Browser, reported, watched getting patched, got a CVE (CVE-2020-8276) and bounty, all in one working day.\n\nhttps://community.disclose.io/t/how-i-found-a-tor-vulnerability-in-brave-browser-reported-it-watched-it-get-patched-got-a-cve-cve-2020-8276-and-a-small-bounty-all-in-one-working-day/65", "creation_timestamp": "2020-11-05T07:50:03.000000Z"}, {"uuid": "63c4ae2c-46db-479d-ad0f-57dd5b796d4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8276", "type": "seen", "source": "https://t.me/HackerOne/2819", "content": "How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty, all in one working day https://community.disclose.io/t/how-i-found-a-tor-vulnerability-in-brave-browser-reported-it-watched-it-get-patched-got-a-cve-cve-2020-8276-and-a-small-bounty-all-in-one-working-day/65", "creation_timestamp": "2020-11-05T08:54:19.000000Z"}, {"uuid": "276c7c60-a4b1-45f2-91cb-fca40d340776", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8276", "type": "seen", "source": "https://t.me/thebugbountyhunter/4869", "content": "How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty, all in one working day https://community.disclose.io/t/how-i-found-a-tor-vulnerability-in-brave-browser-reported-it-watched-it-get-patched-got-a-cve-cve-2020-8276-and-a-small-bounty-all-in-one-working-day/65", "creation_timestamp": "2020-11-05T08:40:23.000000Z"}, {"uuid": "089031af-9968-4594-8590-df7e4aa8e9ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8276", "type": "seen", "source": "https://t.me/cibsecurity/16030", "content": "\u203c CVE-2020-8276 \u203c\n\nThe implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-09T18:55:27.000000Z"}]}