116 – XS-Leaks

Description

It is possible to use browser side-channels to obtain sensitive information from the users.

Impact

- Know the step in which the user is at a given moment. - Leak sensitive data of the user without authorization.

Recommendation

Load the same amount of frames in all application load cases.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: P
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 062 - Define standard configurations
• 176 - Restrict system objects
• 266 - Disable insecure functionalities

Fixes

• Python
• Ruby

Last updated

2024/02/13