CVE-2023-40580

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-40580
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40580.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-40580
Related
  • GHSA-vqr6-hwg2-775w
Published
2023-08-25T20:15:08Z
Modified
2025-01-15T04:57:22.723997Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
[none]
Details

Freighter is a Stellar Chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.

Affected packages

Git / github.com/stellar/freighter

Affected ranges

Type
GIT
Repo
https://github.com/stellar/freighter
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.0.0
1.0.3-alpha
1.0.3-beta.2
1.0.4-beta.0
1.0.5-alpha
1.0.5-beta.0
1.0.6-beta.0
1.0.7-beta.0
1.0.8-beta.0
1.0.9
1.1.0
1.1.0-rc.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.0

2.*

2.1.0-beta.2.1.0
2.1.1-beta.2.1.1
2.1.2
2.1.2-beta.0
2.1.2-beta.1
2.1.2-beta.2
2.1.2-beta.3
2.1.2-beta.4
2.1.2-beta.5
2.1.2-beta.6
2.10.0
2.11.0
2.11.1
2.12.0
2.12.1
2.12.2
2.12.3
2.2.0
2.2.1
2.3.0
2.4.0
2.4.1
2.5.0
2.6.0
2.7.0
2.7.1
2.8.0
2.9.0
2.9.1
2.9.2
2.9.3

3.*

3.0.0
3.0.1

4.*

4.0.0
4.0.1
4.0.2

5.*

5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.1.0
5.1.1
5.1.2
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.5-beta.0
5.2.6
5.2.6-beta.0
5.3.0
5.3.0-beta.0
5.4.0-beta.0
5.4.0-beta.1

build-v1.*

build-v1.0.0-beta.1

v1.*

v1.0-alpha
v1.0.0-alpha.6
v1.0.0-alpha.7
v1.0.0-beta.0
v1.0.0-beta.0-pubnet
v1.0.0-beta.1
v1.0.0-beta.1-pubnet
v1.0.0-rc.0
v1.0.0-rc.1
v1.0.1-alpha
v1.0.2-alpha
v1.0.3-beta
v1.0.3-beta.1
v1.0.3-beta.1-xpi
v1.0.4-alpha
v1.0.6-beta.0
v1.0.6-beta.1-rc
v1.0.6-beta.2-rc
v1.0.6-beta.3-rc
v1.0.7-beta.0-rc
v1.0.8-beta.0-rc
v1.0.8-beta.1-rc
v1.0.9-beta.0-rc
v1.1.0-rc.0

v2.*

v2.0-alpha
v2.0.0
v2.0.0-alpha.1
v2.0.0-beta.0
v2.11.0.beta.0
v2.5.0-beta.1
v2.7.0-beta.1
v2.9.0-beta.0