https://nvidia.custhelp.com/app/answers/detail/a_id/5199

CWE-668

NVD-CWE-noinfo

NIST AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

NIST (AV:N/AC:H/Au:N/C:P/I:P/A:P)

NIST (AV:N/AC:M/Au:N/C:P/I:P/A:P)

NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session. Such an attack may lead to these targeted users' data being accessed, altered, or lost.

NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.

NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

NIST (AV:N/AC:M/Au:N/C:P/I:P/A:P)

NIST CWE-668

AND
     OR
          *cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:* versions up to (excluding) 3.23
     OR
          cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

https://nvidia.custhelp.com/app/answers/detail/a_id/5199 No Types Assigned

https://nvidia.custhelp.com/app/answers/detail/a_id/5199 Vendor Advisory

Victim must voluntarily interact with attack mechanism