CVE-2024-0310
10.01.2024, 11:15
A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration.
| Vendor | Product | Version |
|---|---|---|
| trellix | endpoint_security_web_control | 𝑥 < 10.7.0 |
| trellix | endpoint_security_web_control | 10.7.0 |
𝑥
= Vulnerable software versions