CVE-2019-19788

{"id": "CVE-2019-19788", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-12-18T22:15:13.677", "references": [{"url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/", "tags": ["Vendor Advisory"], "source": "security@opera.com"}, {"url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context."}, {"lang": "es", "value": "Opera para Android versiones anteriores a 54.0.2669.49432, es vulnerable a un ataque de omisi\u00f3n de iframe de origen cruzado dentro del sandbox. Al utilizar un servicio que funciona dentro de un iframe del sandbox, es posible omitir los atributos normales del sandbox. Esto permite a un atacante realizar redireccionamientos forzados sin ninguna interacci\u00f3n del usuario desde un contexto de terceros."}], "lastModified": "2024-11-21T04:35:23.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opera:opera:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "7E01E634-882C-4D4C-A906-3052EC09A396", "versionEndExcluding": "54.0.2669.49432"}], "operator": "OR"}]}], "sourceIdentifier": "security@opera.com"}