CVE-2019-19788

Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:opera:opera:*:*:*:*:*:android:*:*

History

No history.

Information

Published : 2019-12-18 22:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-19788

Mitre link : CVE-2019-19788

CVE.ORG link : CVE-2019-19788

JSON object : View

Products Affected

opera

opera

CWE

NVD-CWE-Other

{"id": "CVE-2019-19788", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-12-18T22:15:13.677", "references": [{"url": "https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories/", "tags": ["Vendor Advisory"], "source": "security@opera.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context."}, {"lang": "es", "value": "Opera para Android versiones anteriores a 54.0.2669.49432, es vulnerable a un ataque de omisi\u00f3n de iframe de origen cruzado dentro del sandbox. Al utilizar un servicio que funciona dentro de un iframe del sandbox, es posible omitir los atributos normales del sandbox. Esto permite a un atacante realizar redireccionamientos forzados sin ninguna interacci\u00f3n del usuario desde un contexto de terceros."}], "lastModified": "2020-01-07T18:21:54.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opera:opera:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "7E01E634-882C-4D4C-A906-3052EC09A396", "versionEndExcluding": "54.0.2669.49432"}], "operator": "OR"}]}], "sourceIdentifier": "security@opera.com"}