CVE Vulnerabilities

CVE-2019-10875

Authentication Bypass by Spoofing

Published: Apr 05, 2019 | Modified: Apr 22, 2022
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the q query parameter. The portion of an https URL before the ?q= substring is not shown to the user.

Weakness

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Affected Software

Name Vendor Start Version End Version
Mi_browser Mi 10.5.6-g (including) 10.5.6-g (including)
Mint_browser Mi 1.5.3 (including) 1.5.3 (including)

References