CVE-2015-2692 : AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbi

AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters.

Published 2017-06-08 21:29:00

Updated 2017-06-20 13:17:49

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2015-2692

Adblock » Adblock
Versions up to, including, (<=) 2.20.1
cpe:2.3:a:adblock:adblock:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.62%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 68 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial
10.0	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H	3.9	5.8	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: High Availability: High

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

https://www.greinr.com/blog/2015/cve-2015-2692-adblock-filter-injection/

CVE-2015-2692 - AdBlock Filter Injection | Everyday Tech Investigation
Third Party Advisory
https://github.com/kzar/watchadblock/commit/5b77de6ea77e0eff2aa726d9722d64fb4964b985

Release new version 2.21 · kzar/watchadblock@5b77de6 · GitHub
Exploit;Third Party Advisory

Jump to