CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28360
https://notcve.org/view.php?id=CVE-2023-28360
An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user. • https://hackerone.com/reports/1848062 • CWE-223: Omission of Security-relevant Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47932
https://notcve.org/view.php?id=CVE-2022-47932
Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933. Brave Browser anterior a 1.43.34 permitía a un atacante remoto provocar una Denegación de Servicio (DoS) a través de un archivo HTML manipulado que menciona una URL ipfs:// o ipns://. Esta vulnerabilidad se debe a una solución incompleta para CVE-2022-47933. • https://github.com/brave/brave-browser/issues/24093 https://github.com/brave/brave-core/commit/e73309665508c17e48a67e302d3ab02a38d3ef50 https://github.com/brave/brave-core/pull/14211 https://hackerone.com/reports/1636430 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47933
https://notcve.org/view.php?id=CVE-2022-47933
Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc. Brave Browser anterior a 1.42.51 permitía a un atacante remoto provocar una Denegación de Servicio (DoS) a través de un archivo HTML manipulado que hace referencia al esquema IPFS. Esta vulnerabilidad es causada por una excepción no detectada en la función ipfs::OnBeforeURLRequest_IPFSRedirectWork() en ipfs_redirect_network_delegate_helper.cc. • https://github.com/brave/brave-browser/issues/23646 https://github.com/brave/brave-browser/issues/24378 https://github.com/brave/brave-core/commit/7ef8cb2f232abdf59ec9c3c99a086a14b972bc56 https://github.com/brave/brave-core/pull/13989 https://hackerone.com/reports/1610343 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47934
https://notcve.org/view.php?id=CVE-2022-47934
Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934. Brave Browser anterior a 1.43.88 permitía a un atacante remoto provocar una Denegación de Servicio (DoS) en ventanas privadas e invitadas a través de un archivo HTML manipulado que menciona una URL ipfs:// o ipns://. Esto se debe a una solución incompleta para CVE-2022-47932 y CVE-2022-47934. • https://github.com/brave/brave-browser/issues/24211 https://github.com/brave/brave-browser/issues/25106 https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8 https://github.com/brave/brave-core/pull/14313 https://hackerone.com/reports/1646204 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2022-30334
https://notcve.org/view.php?id=CVE-2022-30334
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser." Brave versiones anteriores a 1.34, cuando se usa una Ventana Privada con Conectividad Tor, filtra URLs .onion en los encabezados Referer y Origin. NOTA: aunque esto fue arreglado por Brave, la documentación de Brave todavía aconseja "Tenga en cuenta que las Ventanas Privadas con Conectividad Tor en Brave son sólo ventanas privadas regulares que usan Tor como proxy. • https://github.com/brave/brave-browser/issues/18071 https://github.com/brave/brave-core/pull/10760 https://hackerone.com/reports/1337624 https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •