CVE-2024-25677

{"id": "CVE-2024-25677", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-02-09T09:15:08.717", "references": [{"url": "https://github.com/minbrowser/min/security/advisories/GHSA-4w9v-7h8h-rv8x", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document."}, {"lang": "es", "value": "En Min anterior a 1.31.0, los archivos locales no se tratan correctamente como or\u00edgenes de seguridad \u00fanicos, lo que les permite solicitar incorrectamente recursos de or\u00edgenes cruzados. Por ejemplo, un archivo local puede solicitar otros archivos locales a trav\u00e9s de un documento XML."}], "lastModified": "2024-02-15T19:43:24.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:minbrowser:min:1.29.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F45E94D-69C1-48F7-A725-58FF3C14F72D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}