CVE-2022-24072
Published Mar 17, 2022
Last updated 3 years ago
Overview
- Description
- The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
- Source
- cve@navercorp.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- cve@navercorp.com
- CWE-269
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47138F1B-655D-4459-905C-7BFA3A326DC5",
"versionEndExcluding": "3.12.129.18"
}
],
"operator": "OR"
}
]
}
]