CVE-2022-30334

Published: May 7, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."

Affected (1)

Products: Brave: Brave

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Brave Brave	Before 1.34

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

https://github.com/brave/brave-browser/issues/18071

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/brave/brave-core/pull/10760

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://hackerone.com/reports/1337624

Source: cve@mitre.org

ExploitThird Party Advisory

https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-

Source: cve@mitre.org

Vendor Advisory

https://github.com/brave/brave-browser/issues/18071

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/brave/brave-core/pull/10760

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://hackerone.com/reports/1337624

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.