CVE-2021-39246
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).
Tor Browser hasta la versión 10.5.6 y la versión 11.x hasta la 11.0a4 permite un ataque de correlación que puede comprometer la privacidad de las visitas a las direcciones v2 de la cebolla. Las marcas de tiempo exactas de estas visitas al servicio de cebolla se registran localmente, y un atacante podría ser capaz de compararlas con los datos de las marcas de tiempo recogidas por el servidor de destino (o recogidas por un sitio falso dentro de la red Tor)
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-08-17 CVE Reserved
- 2021-09-24 CVE Published
- 2024-06-09 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://www.privacyaffairs.com/cve-2021-39246-tor-vulnerability | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-111.md | 2024-08-04 | |
| https://sick.codes/sick-2021-111 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://gitlab.torproject.org/tpo/core/tor/-/commit/80c404c4b79f3bcba3fc4585d4c62a62a04f3ed9 | 2021-10-01 |
| URL | Date | SRC |
|---|---|---|
| https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/434 | 2021-10-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Torproject Search vendor "Torproject" | Tor Browser Search vendor "Torproject" for product "Tor Browser" | <= 10.5.6 Search vendor "Torproject" for product "Tor Browser" and version " <= 10.5.6" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Torproject Search vendor "Torproject" | Tor Browser Search vendor "Torproject" for product "Tor Browser" | <= 10.5.6 Search vendor "Torproject" for product "Tor Browser" and version " <= 10.5.6" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Torproject Search vendor "Torproject" | Tor Browser Search vendor "Torproject" for product "Tor Browser" | <= 10.5.6 Search vendor "Torproject" for product "Tor Browser" and version " <= 10.5.6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Torproject Search vendor "Torproject" | Tor Browser Search vendor "Torproject" for product "Tor Browser" | 11.0 Search vendor "Torproject" for product "Tor Browser" and version "11.0" | alpha2 |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Torproject Search vendor "Torproject" | Tor Browser Search vendor "Torproject" for product "Tor Browser" | 11.0 Search vendor "Torproject" for product "Tor Browser" and version "11.0" | alpha2 |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Torproject Search vendor "Torproject" | Tor Browser Search vendor "Torproject" for product "Tor Browser" | 11.0 Search vendor "Torproject" for product "Tor Browser" and version "11.0" | alpha2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Torproject Search vendor "Torproject" | Tor Browser Search vendor "Torproject" for product "Tor Browser" | 11.0 Search vendor "Torproject" for product "Tor Browser" and version "11.0" | alpha4 |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Torproject Search vendor "Torproject" | Tor Browser Search vendor "Torproject" for product "Tor Browser" | 11.0 Search vendor "Torproject" for product "Tor Browser" and version "11.0" | alpha4 |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Torproject Search vendor "Torproject" | Tor Browser Search vendor "Torproject" for product "Tor Browser" | 11.0 Search vendor "Torproject" for product "Tor Browser" and version "11.0" | alpha4 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|