{"api_version":"1","generated_at":"2026-07-03T16:55:03+00:00","cve":"CVE-2022-24075","urls":{"html":"https://cve.report/CVE-2022-24075","api":"https://cve.report/api/cve/CVE-2022-24075.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-24075","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-24075"},"summary":{"title":"CVE-2022-24075","description":"Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.","state":"PUBLIC","assigner":"cve@navercorp.com","published_at":"2022-03-17 06:15:00","updated_at":"2022-03-23 18:52:00"},"problem_types":["CWE-552"],"metrics":[],"references":[{"url":"https://cve.naver.com/detail/cve-2022-24075","name":"https://cve.naver.com/detail/cve-2022-24075","refsource":"CONFIRM","tags":[],"title":"NAVER Security Advisory","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-24075","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24075","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Young Min Kim","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"24075","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"navercorp","cpe5":"whale","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-24075","ASSIGNER":"cve@navercorp.com","STATE":"PUBLIC"},"credit":[{"lang":"eng","value":"Young Min Kim"}],"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"NAVER Whale browser","version":{"version_data":[{"version_affected":"<","version_value":"3.12.129.46"}]}}]},"vendor_name":"NAVER"}]}},"description":{"description_data":[{"lang":"eng","value":"Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-552: Files or Directories Accessible to External Parties"}]}]},"references":{"reference_data":[{"name":"https://cve.naver.com/detail/cve-2022-24075","refsource":"CONFIRM","url":"https://cve.naver.com/detail/cve-2022-24075"}]},"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2022-03-17 06:15:00","lastModifiedDate":"2022-03-23 18:52:00","problem_types":["CWE-552"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*","versionEndExcluding":"3.12.129.18","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"24075","Ordinal":"227286","Title":"CVE-2022-24075","CVE":"CVE-2022-24075","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"24075","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}