CVE-2022-24072

Published: Mar 17, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.

Affected (1)

Products: Navercorp: Whale

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Navercorp Whale	Before 3.12.129.18

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://cve.naver.com/detail/cve-2022-24072

Source: cve@navercorp.com

Vendor Advisory

https://cve.naver.com/detail/cve-2022-24072

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.