MEDIUM 4.3 Publié le 2018-04-01

CVE-2018-6849

In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Apps mobiles affectées

DuckDuckGo

com.duckduckgo.mobile.ios

1 ouverte

DuckDuckGo

com.duckduckgo.mobile.android

1 ouverte

Configurations CPE vulnérables

Vendor	Produit	Plateforme	Versions	CPE 2.3 URI
duckduckgo	duckduckgo	Android	—	cpe:2.3:a:duckduckgo:duckduckgo:4.2.0:::::::*
duckduckgo	duckduckgo	iOS	—	cpe:2.3:a:duckduckgo:duckduckgo:4.2.0:::::::*

Voir sur NVD ↗