Description
NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/5199
Scores
CVSS v3
8.3
EPSS
0.0031
EPSS Percentile
54.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Details
Status
published
Products (1)
nvidia/geforce_experience
< 3.23
Published
Jun 25, 2021
Tracked Since
Feb 18, 2026