cnvd - cnvd-2021-70123

cnvd-2021-70123

Vulnerability from cnvd

Title: Brave存在未明漏洞

Description:

Brave是美国Brave公司的一个快速，私密和安全的Web浏览器。

Brave Browser Desktop 1.28.62及之前版本存在安全漏洞，攻击者可以利用该漏洞获取\"V2 onion domains\"。

Severity: 低

Patch Name: Brave存在未明漏洞的补丁

Patch Description:

Brave是美国Brave公司的一个快速，私密和安全的Web浏览器。

Brave Browser Desktop 1.28.62及之前版本存在安全漏洞，攻击者可以利用该漏洞获取\"V2 onion domains\"。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://brave.com/zh/。

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-22929

Impacted products

Name
Brave Brave <1.28.62

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22929"
    }
  },
  "description": "Brave\u662f\u7f8e\u56fdBrave\u516c\u53f8\u7684\u4e00\u4e2a\u5feb\u901f\uff0c\u79c1\u5bc6\u548c\u5b89\u5168\u7684Web\u6d4f\u89c8\u5668\u3002\n\nBrave Browser Desktop 1.28.62\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\\\"V2 onion domains\\\"\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://brave.com/zh/\u3002",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-70123",
  "openTime": "2021-09-11",
  "patchDescription": "Brave\u662f\u7f8e\u56fdBrave\u516c\u53f8\u7684\u4e00\u4e2a\u5feb\u901f\uff0c\u79c1\u5bc6\u548c\u5b89\u5168\u7684Web\u6d4f\u89c8\u5668\u3002\r\n\r\nBrave Browser Desktop 1.28.62\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\\\"V2 onion domains\\\"\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Brave\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Brave Brave \u003c1.28.62"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-22929",
  "serverity": "\u4f4e",
  "submitTime": "2021-09-02",
  "title": "Brave\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2021-22929 (GCVE-0-2021-22929)

Vulnerability from cvelistv5

Published

2021-08-31 16:53

Modified

2024-08-03 18:58

Severity ?

CWE

CWE-312 - Cleartext Storage of Sensitive Information ()

Summary

An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.

References

▼	URL	Tags
	https://hackerone.com/reports/1249056	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	https://github.com/brave/brave-core	Version: 1.28.62

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:25.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1249056"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/brave/brave-core",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.28.62"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "Cleartext Storage of Sensitive Information (CWE-312)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-31T16:53:26",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/1249056"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2021-22929",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/brave/brave-core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.28.62"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cleartext Storage of Sensitive Information (CWE-312)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/1249056",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/1249056"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2021-22929",
    "datePublished": "2021-08-31T16:53:26",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:58:25.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted