Download of Code Without Integrity Check

CVE-2020-7817

Medium

5.5/10

Summary

MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-494 - Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References

Advisory Timeline

Published Aug 06, 2020

Download of Code Without Integrity Check

CVE-2020-7817

Summary

CWE-494 - Download of Code Without Integrity Check

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS