Vulnerability Details CVE-2017-18016
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.2%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2018/01/10/1
- https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726a215
- https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016
- https://www.exploit-db.com/exploits/43499/
- http://www.openwall.com/lists/oss-security/2018/01/10/1
- https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726a215
- https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016
- https://www.exploit-db.com/exploits/43499/