CVE-2017-14460 - Unspecified vulnerability in Parity Ethereum Client 1.7.8

CVSS: 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in the JSON-RPC of Parity Ethereum client version 1.7.8. A JSON object sent automatically to the JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability.

Vulnerable Configurations

Part | Description | Count
Application | Parity | 1

Talos

id: TALOS-2017-0508
last seen: 2019-05-29
published: 2018-01-09
reporter: Talos Intelligence
source: http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508
title: Parity Ethereum Client Overly Permissive Cross-domain Whitelist JSON-RPC vulnerability