{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T06:04:43.800","vulnerabilities":[{"cve":{"id":"CVE-2020-15679","sourceIdentifier":"security@mozilla.org","published":"2022-12-22T20:15:10.730","lastModified":"2025-04-16T16:15:17.350","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 < (929), Mozilla VPN Windows < 1.2.2, and Mozilla VPN Android 1.1.0 < (1360)."},{"lang":"es","value":"Existía una vulnerabilidad de reparación de sesión de OAuth en el flujo de inicio de sesión de VPN, donde un atacante podía crear una URL de inicio de sesión personalizada, convencer a un usuario de VPN para que iniciara sesión a través de esa URL y obtener acceso autenticado como ese usuario. Este problema se limita a los casos en los que el atacante y la víctima comparten la misma IP de origen y podría permitir la posibilidad de ver los estados de las sesiones y desconectar las sesiones de VPN. Esta vulnerabilidad afecta a Mozilla VPN iOS 1.0.7 &lt; (929), Mozilla VPN Windows &lt; 1.2.2 y Mozilla VPN Android 1.1.0 &lt; (1360)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:vpn:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"1.0.7_\\(929\\)","matchCriteriaId":"BCE5840F-B8E4-4B91-AF81-123C0E5DC0D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:vpn:*:*:*:*:*:windows:*:*","versionEndExcluding":"1.2.2","matchCriteriaId":"4923D7EA-8A4F-485F-ADB0-C56BBDC420EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:vpn:*:*:*:*:*:ipados:*:*","versionStartIncluding":"1.0.7","versionEndExcluding":"1.0.7_\\(929\\)","matchCriteriaId":"CE3CB7D7-49C2-4516-8110-6E5B4FCB450B"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:vpn:*:*:*:*:*:android:*:*","versionStartIncluding":"1.1.0","versionEndExcluding":"1.1.0_\\(1360\\)","matchCriteriaId":"3A2E0580-85D3-4DA0-A6D6-F56B9E60A432"}]}]}],"references":[{"url":"https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9","source":"security@mozilla.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54","source":"security@mozilla.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b","source":"security@mozilla.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2020-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2020-48/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}