CVE-2019-12383

{"id": "CVE-2019-12383", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2019-05-28T03:29:00.513", "references": [{"url": "http://www.securityfocus.com/bid/108484", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://gitweb.torproject.org/tor-browser.git/commit/?id=cbb04b72c68272c2de42f157d40cd7d29a6b7b55", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://hackerone.com/reports/282748", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://trac.torproject.org/projects/tor/ticket/24056", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/108484", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitweb.torproject.org/tor-browser.git/commit/?id=cbb04b72c68272c2de42f157d40cd7d29a6b7b55", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/282748", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://trac.torproject.org/projects/tor/ticket/24056", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a \"Don't send my language\" setting."}, {"lang": "es", "value": "Tor Browser anterior de la versi\u00f3n 8.0.1, presenta una vulnerabilidad de exposici\u00f3n de informaci\u00f3n. Permite a atacantes remotos detectar la interfaz de usuario (UI) local del navegador mediante la medici\u00f3n de el ancho de Buttom, incluso si el usuario tiene una configuraci\u00f3n de \"Don't send my language\"."}], "lastModified": "2024-11-21T04:22:43.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:torproject:tor_browser:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85D4B891-7C98-4E0D-9D18-8B78B4D620C0", "versionEndExcluding": "8.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}