Vulnerability Details CVE-2022-21817
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.0%
CVSS Severity
CVSS v3 Score 9.3
CVSS v2 Score 5.8
References
Products affected by CVE-2022-21817
-
cpe:2.3:a:nvidia:omniverse_launcher:1.0.42
-
cpe:2.3:a:nvidia:omniverse_launcher:1.0.50
-
cpe:2.3:a:nvidia:omniverse_launcher:1.00.48
-
cpe:2.3:a:nvidia:omniverse_launcher:1.1.2
-
cpe:2.3:a:nvidia:omniverse_launcher:1.2.8
-
cpe:2.3:a:nvidia:omniverse_launcher:1.3.3
-
cpe:2.3:a:nvidia:omniverse_launcher:1.3.4
-
cpe:2.3:a:nvidia:omniverse_launcher:1.4.0
-
cpe:2.3:a:nvidia:omniverse_launcher:1.5.1
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-