CVE-2022-21817
Last modified
CVE-2022-21817 is a critical-severity vulnerability rated 9.3/10 on the CVSS scale. NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.. EPSS estimates a 1.96% chance of exploitation in the next 30 days.
Description
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Omniverse Launcher | < 1.5.2 |
References
- https://nvidia.custhelp.com/app/answers/detail/a_id/5318Vendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/5318Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-21817?
How severe is CVE-2022-21817?
How do I fix CVE-2022-21817?
Are you affected by CVE-2022-21817?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST