Vulnerabilities > CVE-2017-14460 - Unspecified vulnerability in Parity Ethereum Client 1.7.8

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

parity

NVD

Published: 2018-01-19

Updated: 2022-04-19

Summary

An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Parity Parity Ethereum Client 1.7.8	1

Talos

id	TALOS-2017-0508
last seen	2019-05-29
published	2018-01-09
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508
title	Parity Ethereum Client Overly Permissive Cross-domain Whitelist JSON-RPC vulnerability

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508