Vulnerability Details : CVE-2022-24073
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
Products affected by CVE-2022-24073
- cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-24073
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-24073
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
8.6
|
4.9
|
NIST | |
7.1
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
2.8
|
3.7
|
NIST |
CWE ids for CVE-2022-24073
-
The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.Assigned by: cve@navercorp.com (Secondary)
References for CVE-2022-24073
-
https://cve.naver.com/detail/cve-2022-24073
NAVER Security AdvisoryVendor Advisory
Jump to