CVE-2019-6251 - Vulnerability Details

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Fedoraproject	Fedora
Gnome	Epiphany
Opensuse	Leap
Redhat	Enterprise Linux
Webkitgtk	Webkitgtk
Wpewebkit	Wpe Webkit

Configuration 1 [-]

cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:webkitgtk:webkitgtk::::::::
	cpe:2.3:a:wpewebkit:wpe_webkit::::::::

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:28:::::::*
	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:42.3:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
webkitgtk4-0:2.28.2-2.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:4035	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 8
accountsservice-0:0.6.50-7.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
appstream-data-0:8-20190805.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
baobab-0:3.28.0-2.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
chrome-gnome-shell-0:10.1-6.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
evince-0:3.28.4-3.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
file-roller-0:3.28.1-2.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gdk-pixbuf2-0:2.36.12-5.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gdm-1:3.28.3-22.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gjs-0:1.56.2-3.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-control-center-0:3.28.2-5.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-desktop3-0:3.32.2-1.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-remote-desktop-0:0.1.6-5.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-settings-daemon-0:3.32.0-4.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-shell-0:3.32.2-9.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-shell-extensions-0:3.32.1-10.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-software-0:3.30.6-2.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-tweaks-0:3.28.1-6.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gsettings-desktop-schemas-0:3.32.0-3.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gtk3-0:3.22.30-4.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gvfs-0:1.36.2-6.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
mozjs60-0:60.9.0-3.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
mutter-0:3.32.2-10.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
nautilus-0:3.28.1-10.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
pango-0:1.42.4-6.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
pidgin-0:2.13.0-5.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
plymouth-0:0.9.3-15.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
SDL-0:1.2.15-35.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
wayland-protocols-0:1.17-1.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
webkit2gtk3-0:2.24.3-1.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
accountsservice-0:0.6.50-7.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
appstream-data-0:8-20190805.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
baobab-0:3.28.0-2.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
chrome-gnome-shell-0:10.1-6.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
evince-0:3.28.4-3.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
file-roller-0:3.28.1-2.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gdk-pixbuf2-0:2.36.12-5.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gdm-1:3.28.3-22.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gjs-0:1.56.2-3.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-control-center-0:3.28.2-5.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-desktop3-0:3.32.2-1.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-remote-desktop-0:0.1.6-5.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-settings-daemon-0:3.32.0-4.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-shell-0:3.32.2-9.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-shell-extensions-0:3.32.1-10.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-software-0:3.30.6-2.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gnome-tweaks-0:3.28.1-6.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gsettings-desktop-schemas-0:3.32.0-3.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gtk3-0:3.22.30-4.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
gvfs-0:1.36.2-6.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
mozjs60-0:60.9.0-3.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
mutter-0:3.32.2-10.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
nautilus-0:3.28.1-10.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
pango-0:1.42.4-6.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
pidgin-0:2.13.0-5.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
plymouth-0:0.9.3-15.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
SDL-0:1.2.15-35.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
wayland-protocols-0:1.17-1.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z
webkit2gtk3-0:2.24.3-1.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3553	2019-11-05T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html
http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html
http://www.openwall.com/lists/oss-security/2019/04/11/1
https://bugs.webkit.org/show_bug.cgi?id=194208
https://gitlab.gnome.org/GNOME/epiphany/issues/532
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/
https://nvd.nist.gov/vuln/detail/CVE-2019-6251
https://seclists.org/bugtraq/2019/Apr/21
https://security.gentoo.org/glsa/201909-05
https://trac.webkit.org/changeset/243434
https://usn.ubuntu.com/3948-1/
https://www.cve.org/CVERecord?id=CVE-2019-6251

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-01-14T07:00:00

Updated: 2024-08-04T20:16:24.679Z

Reserved: 2019-01-13T00:00:00

Link: CVE-2019-6251

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-01-14T08:29:00.223

Modified: 2024-11-21T04:46:18.887

Link: CVE-2019-6251

Redhat

Severity : Moderate

Publid Date: 2018-09-11T00:00:00Z

Links: CVE-2019-6251 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-01-14T00:00:00", "descriptions": [{"lang": "en", "value": "WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-06T17:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.gnome.org/GNOME/epiphany/issues/532"}, {"name": "20190411 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Apr/21"}, {"name": "[oss-security] 20190410 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"}, {"name": "FEDORA-2019-d9a15be3ba", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"}, {"name": "FEDORA-2019-b3ad0a302b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/"}, {"name": "USN-3948-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3948-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.webkit.org/show_bug.cgi?id=194208"}, {"tags": ["x_refsource_MISC"], "url": "https://trac.webkit.org/changeset/243434"}, {"name": "FEDORA-2019-432b3dff25", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/"}, {"name": "FEDORA-2019-77433fc7f3", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/"}, {"name": "FEDORA-2019-74f7603660", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/"}, {"name": "openSUSE-SU-2019:1374", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"}, {"name": "openSUSE-SU-2019:1391", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"}, {"name": "GLSA-201909-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201909-05"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6251", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.gnome.org/GNOME/epiphany/issues/532", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/epiphany/issues/532"}, {"name": "20190411 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/21"}, {"name": "[oss-security] 20190410 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"}, {"name": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"}, {"name": "FEDORA-2019-d9a15be3ba", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"}, {"name": "FEDORA-2019-b3ad0a302b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/"}, {"name": "USN-3948-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3948-1/"}, {"name": "https://bugs.webkit.org/show_bug.cgi?id=194208", "refsource": "MISC", "url": "https://bugs.webkit.org/show_bug.cgi?id=194208"}, {"name": "https://trac.webkit.org/changeset/243434", "refsource": "MISC", "url": "https://trac.webkit.org/changeset/243434"}, {"name": "FEDORA-2019-432b3dff25", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/"}, {"name": "FEDORA-2019-77433fc7f3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/"}, {"name": "FEDORA-2019-74f7603660", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/"}, {"name": "openSUSE-SU-2019:1374", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"}, {"name": "openSUSE-SU-2019:1391", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"}, {"name": "GLSA-201909-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-05"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:16:24.679Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.gnome.org/GNOME/epiphany/issues/532"}, {"name": "20190411 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Apr/21"}, {"name": "[oss-security] 20190410 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"}, {"name": "FEDORA-2019-d9a15be3ba", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"}, {"name": "FEDORA-2019-b3ad0a302b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/"}, {"name": "USN-3948-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3948-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.webkit.org/show_bug.cgi?id=194208"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://trac.webkit.org/changeset/243434"}, {"name": "FEDORA-2019-432b3dff25", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/"}, {"name": "FEDORA-2019-77433fc7f3", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/"}, {"name": "FEDORA-2019-74f7603660", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/"}, {"name": "openSUSE-SU-2019:1374", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"}, {"name": "openSUSE-SU-2019:1391", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"}, {"name": "GLSA-201909-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201909-05"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-6251", "datePublished": "2019-01-14T07:00:00", "dateReserved": "2019-01-13T00:00:00", "dateUpdated": "2024-08-04T20:16:24.679Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*", "matchCriteriaId": "F62B1562-9E8B-4E4D-811D-8D5064595923", "versionEndIncluding": "3.31.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", "matchCriteriaId": "08565239-2C80-4C9F-A270-6076E455DD91", "versionEndExcluding": "2.24.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "46E10007-E315-4E7B-99DC-44F7E4C8523C", "versionEndExcluding": "2.24.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge."}, {"lang": "es", "value": "WebKitGTK y WPE WebKit versiones anteriores a 2.24.1 permite la suplantaci\u00f3n de la barra de direcciones en determinadas redirecciones de JavaScript. Un atacante puede hacer que el contenido web malicioso se muestre como si se tratara de una URL de confianza. Esto es similar a la edici\u00f3n CVE-2018-8383 en Microsoft Edge."}], "id": "CVE-2019-6251", "lastModified": "2024-11-21T04:46:18.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-14T08:29:00.223", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.webkit.org/show_bug.cgi?id=194208"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://gitlab.gnome.org/GNOME/epiphany/issues/532"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Apr/21"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-05"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://trac.webkit.org/changeset/243434"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3948-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.webkit.org/show_bug.cgi?id=194208"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://gitlab.gnome.org/GNOME/epiphany/issues/532"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Apr/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://trac.webkit.org/changeset/243434"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3948-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4035", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "webkitgtk4-0:2.28.2-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "accountsservice-0:0.6.50-7.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "appstream-data-0:8-20190805.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "baobab-0:3.28.0-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "chrome-gnome-shell-0:10.1-6.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "evince-0:3.28.4-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "file-roller-0:3.28.1-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gdk-pixbuf2-0:2.36.12-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gdm-1:3.28.3-22.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gjs-0:1.56.2-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-control-center-0:3.28.2-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-desktop3-0:3.32.2-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-remote-desktop-0:0.1.6-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-settings-daemon-0:3.32.0-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-shell-0:3.32.2-9.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-shell-extensions-0:3.32.1-10.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-software-0:3.30.6-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-tweaks-0:3.28.1-6.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gsettings-desktop-schemas-0:3.32.0-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gtk3-0:3.22.30-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gvfs-0:1.36.2-6.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mozjs60-0:60.9.0-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mutter-0:3.32.2-10.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nautilus-0:3.28.1-10.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pango-0:1.42.4-6.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pidgin-0:2.13.0-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "plymouth-0:0.9.3-15.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "SDL-0:1.2.15-35.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "wayland-protocols-0:1.17-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.24.3-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "accountsservice-0:0.6.50-7.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "appstream-data-0:8-20190805.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "baobab-0:3.28.0-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "chrome-gnome-shell-0:10.1-6.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "evince-0:3.28.4-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "file-roller-0:3.28.1-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gdk-pixbuf2-0:2.36.12-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gdm-1:3.28.3-22.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gjs-0:1.56.2-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-control-center-0:3.28.2-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-desktop3-0:3.32.2-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-remote-desktop-0:0.1.6-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-settings-daemon-0:3.32.0-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-shell-0:3.32.2-9.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-shell-extensions-0:3.32.1-10.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-software-0:3.30.6-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-tweaks-0:3.28.1-6.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gsettings-desktop-schemas-0:3.32.0-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gtk3-0:3.22.30-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gvfs-0:1.36.2-6.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "mozjs60-0:60.9.0-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "mutter-0:3.32.2-10.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "nautilus-0:3.28.1-10.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "pango-0:1.42.4-6.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "pidgin-0:2.13.0-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "plymouth-0:0.9.3-15.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "SDL-0:1.2.15-35.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "wayland-protocols-0:1.17-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3553", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.24.3-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: processing maliciously crafted web content lead to URI spoofing", "id": "1667409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667409"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge."], "name": "CVE-2019-6251", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2018-09-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-6251\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6251"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object