
    2 vulnerabilities found for freighter by stellar

    CVE-2023-40580 (GCVE-0-2023-40580)

    Vulnerability from nvd – Published: 2023-08-25 19:51 – Updated: 2024-08-02 18:38
    VLAI
    Title
    Freighter mnemonic phrase may be accessed by Javascript through a private API
    Summary
    Freighter is a Stellar Chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    stellar freighter Affected: < 5.3.1

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:38:50.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w"
              },
              {
                "name": "https://github.com/stellar/freighter/pull/948",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/stellar/freighter/pull/948"
              },
              {
                "name": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "freighter",
              "vendor": "stellar",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 5.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T19:51:17.535Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w"
            },
            {
              "name": "https://github.com/stellar/freighter/pull/948",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/stellar/freighter/pull/948"
            },
            {
              "name": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee"
            }
          ],
          "source": {
            "advisory": "GHSA-vqr6-hwg2-775w",
            "discovery": "UNKNOWN"
          },
          "title": "Freighter mnemonic phrase may be accessed by Javascript through a private API"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-40580",
        "datePublished": "2023-08-25T19:51:17.535Z",
        "dateReserved": "2023-08-16T18:24:02.391Z",
        "dateUpdated": "2024-08-02T18:38:50.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40580 (GCVE-0-2023-40580)

    Vulnerability from cvelistv5 – Published: 2023-08-25 19:51 – Updated: 2024-08-02 18:38
    VLAI
    Title
    Freighter mnemonic phrase may be accessed by Javascript through a private API
    Summary
    Freighter is a Stellar Chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    stellar freighter Affected: < 5.3.1

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:38:50.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w"
              },
              {
                "name": "https://github.com/stellar/freighter/pull/948",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/stellar/freighter/pull/948"
              },
              {
                "name": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "freighter",
              "vendor": "stellar",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 5.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T19:51:17.535Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w"
            },
            {
              "name": "https://github.com/stellar/freighter/pull/948",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/stellar/freighter/pull/948"
            },
            {
              "name": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee"
            }
          ],
          "source": {
            "advisory": "GHSA-vqr6-hwg2-775w",
            "discovery": "UNKNOWN"
          },
          "title": "Freighter mnemonic phrase may be accessed by Javascript through a private API"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-40580",
        "datePublished": "2023-08-25T19:51:17.535Z",
        "dateReserved": "2023-08-16T18:24:02.391Z",
        "dateUpdated": "2024-08-02T18:38:50.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }