Moderate

CVE-2007-6640 - Permissions, Privileges, and Access Control vulnerability in Sourceforge Creammonkey/Greasekit

Publication: 2008-01-04

Summary

Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 do not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.

Classification

CWE-264: Permissions, Privileges, and Access Control

Risk level (CVSS 6.4)

Moderate

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Sourceforge Creammonkey 0.9
  • Sourceforge Creammonkey 1.0
  • Sourceforge Creammonkey 1.1
  • Sourceforge Greasekit 1.2
  • Sourceforge Greasekit 1.3