Attacker Value

Unknown

(1 user assessed)

Exploitability

Unknown

(1 user assessed)

User Interaction

Required

Privileges Required

None

Attack Vector

Network

CVE-2021-30617

Disclosure Date: September 03, 2021 •

CVE-2021-30617 CVSS v3 Base Score: 6.5

Exploited in the Wild

Reported by GhostlaX
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Chromium: CVE-2021-30617 Policy bypass in Blink

Add Assessment

GhostlaX (4)

September 04, 2021 2:28am UTC (3 years ago)•

Base Score:

6.5 Medium

Impact Score:

3.6

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

High

Availability (A):

None

Vendors

fedoraproject,
microsoft

Products

edge,
edge chromium,
fedora 35

Exploited in the Wild

Reported by:

GhostlaX indicated sources as

Vendor Advisory
Government or Industry Alert
Threat Feed
News Article or Blog
Personally observed in an environment (https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-30618)

Reported: September 04, 2021 2:27am UTC (3 years ago) • Edited 3 years ago

References

Canonical

CVE-2021-30617 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30617)

Advisory

FEDORA-2021-78b9d84299 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF/)

FEDORA-2021-6225d60814 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L/)

FEDORA-2021-02b301441f (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/)

Miscellaneous

https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html

https://crbug.com/1226909

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617

Rapid7

Unknown

CVE-2021-30617

Unknown

Unknown

Required

None

Network

CVE-2021-30617

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2021-30617

Unknown

Unknown

Required

None

Network

CVE-2021-30617

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification