CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25524
https://notcve.org/view.php?id=CVE-2023-25524
NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5472 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-21817
https://notcve.org/view.php?id=CVE-2022-21817
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity. NVIDIA Omniverse Launcher contiene una vulnerabilidad de tipo Cross-Origin Resource Sharing (CORS) que puede permitir a un atacante remoto no privilegiado, si consigue que el usuario navegue por un sitio malicioso, adquirir tokens de acceso que le permitan acceder a recursos en otros dominios de seguridad, lo que puede conllevar a una ejecución de código, una escalada de privilegios y impactos en la confidencialidad e integridad • https://nvidia.custhelp.com/app/answers/detail/a_id/5318 •