CVE-2020-1195

Опубликовано: 21 мая 2020

Источник: msrc

CVSS3: 3.1

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input. An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges.

The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.

The security update addresses the vulnerability by modifying how Microsoft Edge (Chromium-based) Feedback extension validates files.

FAQ

What version of Microsoft Edge (Chromium-base) contains the fix for this vulnerability?

The version that contains the update is 83.0.478.37.

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

N/A

DOS

N/A

EPSS

Процентиль: 90%

0.0565

Низкий

3.1 Low

CVSS3

Связанные уязвимости

CVE-2020-1195

CVSS3: 5.9

nvd

больше 5 лет назад

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'.

GHSA-p4m4-hrvw-wv96

github

больше 3 лет назад

BDU:2020-03347

CVSS3: 5.9

fstec

больше 5 лет назад

Уязвимость расширения Feedback браузера Microsoft Edge, позволяющая нарушителю повысить свои привилегии

BDU:2020-03092

CVSS3: 5.9

fstec

больше 5 лет назад

Уязвимость расширения Feedback браузера Microsoft Edge, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 90%

0.0565

Низкий

3.1 Low

CVSS3