Raindrop.io Bookmark Manager Web App Chrome Extension Identifier Validation Vulnerability
Vulnerability
A vulnerability in Raindrop.io Bookmark Manager Web App version 5.6.76.0 allows attackers to access sensitive user data by sending a crafted request. This issue arises from inadequate validation of Chrome extension identifiers.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive user data.
Reproduction
To reproduce this vulnerability, send a request to the Raindrop.io Bookmark Manager Web App's user data endpoint, including a manipulated Chrome extension identifier that bypasses the application's validation checks. Ensure that the request originates from a Chrome extension with the modified identifier.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.