Authentication Flow Vulnerability in NVIDIA Omniverse Workstation Launcher
CVE-2023-25524

4MEDIUM

Key Information:

Vendor: Nvidia
Status: Omniverse Workstation Launcher
Vendor: CVE Published:; 3 August 2023

What is CVE-2023-25524?

The NVIDIA Omniverse Workstation Launcher for Windows and Linux has a security flaw in its authentication flow. This vulnerability exposes the user's access token in the browser's address bar, which could be exploited by attackers to impersonate legitimate users. By obtaining this token, an unauthorized individual may gain access to sensitive launcher resources, leading to potential information disclosure and compromise of user privacy.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Omniverse Workstation Launcher 1.8.7 and prior versions

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5472

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Feb 7, 2023

JSON

Nvidia

What is CVE-2023-25524?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.