CVE-2023-40580
HIGH
stellar/freighter < 5.3.1 - Unauthorized Exposure of Recovery Mnemonic Phrase
Freighter is a Stellar Chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.
References (3)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w
Patch x_refsource_misc
https://github.com/stellar/freighter/pull/948
Scores
CVSS v3
8.1
EPSS
0.0056
EPSS Percentile
42.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-200
Status
published
Products (1)
stellar/freighter
< 5.3.1
Published
Aug 25, 2023
Tracked Since
Feb 18, 2026