CVE-2022-21817
First published: Wed Feb 02 2022(Updated: )
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.
Credit: psirt@nvidia.com psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NVIDIA Omniverse Launcher | <1.5.2 | |
| Linux Linux kernel | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2022-21817.
What is the severity level of CVE-2022-21817?
The severity level of CVE-2022-21817 is critical with a CVSS score of 9.3.
What is the affected software of CVE-2022-21817?
The affected software of CVE-2022-21817 is NVIDIA Omniverse Launcher version up to exclusive 1.5.2.
What is the impact of CVE-2022-21817?
CVE-2022-21817 can allow an unprivileged remote attacker, through a malicious site, to acquire access tokens and access resources in other security domains, potentially leading to code execution.
Is Linux Linux kernel or Microsoft Windows affected by CVE-2022-21817?
No, Linux Linux kernel and Microsoft Windows are not affected by CVE-2022-21817.
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/nvidia
- canonical/nvidia omniverse launcher
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows