CVE-2020-8276 - OpenCVE

Vendors	Products
Brave	Brave

Link	Resource
https://hackerone.com/reports/1024668	Exploit Issue Tracking Third Party Advisory

{"containers": {"cna": {"affected": [{"product": "https://github.com/brave/brave-core", "vendor": "n/a", "versions": [{"status": "affected", "version": "v1.18.35"}]}], "descriptions": [{"lang": "en", "value": "The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "Cleartext Storage of Sensitive Information (CWE-312)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-09T14:05:23", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1024668"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8276", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "https://github.com/brave/brave-core", "version": {"version_data": [{"version_value": "v1.18.35"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cleartext Storage of Sensitive Information (CWE-312)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/1024668", "refsource": "MISC", "url": "https://hackerone.com/reports/1024668"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8276", "datePublished": "2020-11-09T14:05:23", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2020-11-09T14:05:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brave:brave:*:*:*:*:*:*:*:*", "matchCriteriaId": "C67DDA60-27D0-4195-94A2-61650D0F0A07", "versionEndIncluding": "1.18.35", "versionStartIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window."}, {"lang": "es", "value": "La implementaci\u00f3n del sistema de an\u00e1lisis de preservaci\u00f3n de la privacidad de Brave Desktop (P3A) versiones entre 1.1 y 1.18.35, registr\u00f3 la marca de tiempo de la \u00faltima vez que el usuario abri\u00f3 una ventana de inc\u00f3gnito, incluyendo las ventanas Tor. El comportamiento previsto era registrar la marca de tiempo para las ventanas de inc\u00f3gnito, excluidas las ventanas Tor. Tome en cuenta que si un usuario tiene habilitado P3A, la marca de tiempo no se env\u00eda al servidor de Brave, sino un valor from:Used en las \u00faltimas 24hUsed en la \u00faltima semana pero no 24hUsed en los \u00faltimos 28 d\u00edas pero no usaba weekEver pero no en los \u00faltimos 28 daysNever usado. El riesgo de la privacidad es bajo porque un atacante local con acceso al disco no puede decir si la marca de tiempo corresponde a una ventana Tor o una ventana de inc\u00f3gnito que no es Tor"}], "id": "CVE-2020-8276", "lastModified": "2020-11-18T14:55:34.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-09T15:15:13.600", "references": [{"source": "support@hackerone.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://hackerone.com/reports/1024668"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "support@hackerone.com", "type": "Secondary"}]}

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

JSON object

JSON object

JSON object