CVE-2021-22916

Published: Jul 12, 2021Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure.

Affected (1)

Products: Brave: Brave

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Brave Brave	From 1.17.0 to 1.26.60

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://hackerone.com/reports/1203842

Source: support@hackerone.com

Third Party Advisory

https://hackerone.com/reports/1203842

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.