CVE-2018-6608

4.3MEDIUM

Key Information:

Vendor: Opera
Status: Opera Browser
Vendor: CVE Published:; 28 March 2018

Summary

In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.

References

https://github.com/VoidSec/WebRTC-Leak

x_refsource_MISC

https://voidsec.com/vpn-leak/

x_refsource_MISC

https://news.ycombinator.com/item?id=16699270

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2018
Vulnerability Reserved
Feb 4, 2018