CVE-2023-40580
Summary
| CVE | CVE-2023-40580 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-25 20:15:00 UTC |
| Updated | 2023-08-31 17:38:00 UTC |
| Description | Freighter is a Stellar Chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Mnemonic phrase may be accessed by Javascript through a private API · Advisory · stellar/freighter · GitHub | MISC | github.com | |
| Prevent Javascript from accessing the mnemonic phrase through a private API by piyalbasu · Pull Request #948 · stellar/freighter · GitHub | MISC | github.com | |
| Prevent Javascript from accessing the mnemonic phrase through a priva… · stellar/freighter@81f78ba · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.