CVE-2022-24075 Vulnerability Details

  /     /     /  

CVE-2022-24075 Metadata Quick Info

CVE Published: 17/03/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: naver | Vendor: NAVER | Product: NAVER Whale browser
Status : PUBLISHED

---

CVE-2022-24075 Description

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-552
CWE Name: CWE-552: Files or Directories Accessible to External Parties
Source: NAVER

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).