CVE-2023-25524

4MEDIUM

Key Information

Vendor
Nvidia
Status
Omniverse Workstation Launcher
Vendor
CVE Published:
3 August 2023

Summary

NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.

Affected Version(s)

Omniverse Workstation Launcher = 1.8.7 and prior versions

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Risk change from: 5.3 to: 4 - (MEDIUM)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.