CVE-2022-21817
CRITICALNVIDIA Omniverse Launcher < 1.5.2 - Unauthenticated Cross-Origin Resource Sharing
Title source: llmDescription
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://nvidia.custhelp.com/app/answers/detail/a_id/5318
Scores
CVSS v3
9.3
EPSS
0.0091
EPSS Percentile
76.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Details
Status
published
Products (1)
nvidia/omniverse_launcher
< 1.5.2
Published
Feb 02, 2022
Tracked Since
Feb 18, 2026