Vulnerability Details : CVE-2023-22798
Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as "debouncing" and is intended to remove unnecessary redirects that track users across the web.
Vulnerability category: Open redirect
Products affected by CVE-2023-22798
- cpe:2.3:a:brave:adblock-lists:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-22798
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-22798
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2023-22798
-
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.Assigned by:
- nvd@nist.gov (Primary)
- support@hackerone.com (Secondary)
References for CVE-2023-22798
-
https://hackerone.com/reports/1579374
HackerOneExploit;Patch;Third Party Advisory
Jump to