// For flags

CVE-2019-6251

webkitgtk: processing maliciously crafted web content lead to URI spoofing

Severity Score

8.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

WebKitGTK y WPE WebKit versiones anteriores a 2.24.1 permite la suplantaciĆ³n de la barra de direcciones en determinadas redirecciones de JavaScript. Un atacante puede hacer que el contenido web malicioso se muestre como si se tratara de una URL de confianza. Esto es similar a la ediciĆ³n CVE-2018-8383 en Microsoft Edge.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-13 CVE Reserved
  • 2019-01-14 CVE Published
  • 2024-07-16 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (17)
URL Tag Source
http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/04/11/1 Mailing List
https://seclists.org/bugtraq/2019/Apr/21 Mailing List
URL Date SRC
https://gitlab.gnome.org/GNOME/epiphany/issues/532 2024-08-04
URL Date SRC
https://trac.webkit.org/changeset/243434 2023-11-07
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html 2023-11-07
https://bugs.webkit.org/show_bug.cgi?id=194208 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ 2023-11-07
https://security.gentoo.org/glsa/201909-05 2023-11-07
https://usn.ubuntu.com/3948-1 2023-11-07
https://access.redhat.com/security/cve/CVE-2019-6251 2020-09-29
https://bugzilla.redhat.com/show_bug.cgi?id=1667409 2020-09-29
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnome
Search vendor "Gnome"
 Epiphany
Search vendor "Gnome" for product "Epiphany"
 <= 3.31.4
Search vendor "Gnome" for product "Epiphany" and version " <= 3.31.4"
-
Affected
Webkitgtk
Search vendor "Webkitgtk"
 Webkitgtk
Search vendor "Webkitgtk" for product "Webkitgtk"
 < 2.24.1
Search vendor "Webkitgtk" for product "Webkitgtk" and version " < 2.24.1"
-
Affected
Wpewebkit
Search vendor "Wpewebkit"
 Wpe Webkit
Search vendor "Wpewebkit" for product "Wpe Webkit"
 < 2.24.1
Search vendor "Wpewebkit" for product "Wpe Webkit" and version " < 2.24.1"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 28
Search vendor "Fedoraproject" for product "Fedora" and version "28"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 29
Search vendor "Fedoraproject" for product "Fedora" and version "29"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 30
Search vendor "Fedoraproject" for product "Fedora" and version "30"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 18.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 18.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10"
-
Affected
Opensuse
Search vendor "Opensuse"
 Leap
Search vendor "Opensuse" for product "Leap"
 15.0
Search vendor "Opensuse" for product "Leap" and version "15.0"
-
Affected
Opensuse
Search vendor "Opensuse"
 Leap
Search vendor "Opensuse" for product "Leap"
 42.3
Search vendor "Opensuse" for product "Leap" and version "42.3"
-
Affected