CVE-2023-25524

Summary

NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIAOmniverse Workstation Launcher1.8.7 and prior versionsaffected

Weaknesses

  • CWE-598: CWE-598 Use of GET Request Method With Sensitive Query Strings

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References