CVE-2019-11593

{"id": "CVE-2019-11593", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2019-04-29T15:29:00.560", "references": [{"url": "https://adblockplus.org/releases/adblock-plus-352-for-chrome-firefox-and-opera-released", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://armin.dev/blog/2019/04/adblock-plus-code-injection/", "tags": ["Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/eyeo/adblockplus/adblockpluschrome/issues/1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/eyeo/adblockplus/adblockpluscore/issues/4", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://news.ycombinator.com/item?id=19666504", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://adblockplus.org/releases/adblock-plus-352-for-chrome-firefox-and-opera-released", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://armin.dev/blog/2019/04/adblock-plus-code-injection/", "tags": ["Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/eyeo/adblockplus/adblockpluschrome/issues/1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/eyeo/adblockplus/adblockpluscore/issues/4", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://news.ycombinator.com/item?id=19666504", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect."}, {"lang": "es", "value": "En Adblock Plus versiones anteriores a la 3.5.2, la opci\u00f3n de filtro $rewrite permite al equipo de mantenimiento de listas de filtros, ejecutar c\u00f3digo arbitrario en una sesi\u00f3n del lado del cliente cuando un servicio web carga un script para su ejecuci\u00f3n utilizando XMLHttpRequest o Fetch, y el origen del script tiene una redirecci\u00f3n abierta."}], "lastModified": "2024-11-21T04:21:24.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adblockplus:adblock_plus:*:*:*:*:*:chrome:*:*", "vulnerable": true, "matchCriteriaId": "458B2E05-6B44-4881-8118-68522F6DE8B9", "versionEndExcluding": "3.5.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}