CVE-2018-6608 Information

Description

In the WebRTC component in Opera 51.0.2830.55 after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com) the browser can disclose a private IP address in a STUN request.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Reference

https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit?usp=sharing https://github.com/VoidSec/WebRTC-Leak https://news.ycombinator.com/item?id=16699270 https://voidsec.com/vpn-leak/ https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-customers-ip-address-via-webrtc-bug/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3