CVE-2023-36409

Опубликовано: 20 окт. 2023

Источник: msrc

CVSS3: 6.5

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

FAQ

What is the version information for this release?

Microsoft Edge Channel	Microsoft Edge Version	Based on Chromium Version	Date Released
Stable	118.0.2088.46	118.0.5993.70/.71	10/13/2023

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Enclave memory read - unprivileged write to enclave memory from a host application, which can leak memory contents of the enclave.

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?

The attacker who successfully exploits the vulnerability could lead to file overwrite, which has minimal impact.

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 82%

0.01774

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2023-36409

CVSS3: 6.5

nvd

больше 2 лет назад

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

GHSA-98mf-83qw-2xg8

CVSS3: 6.5

github

больше 2 лет назад

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

BDU:2023-07175

CVSS3: 6.5

fstec

больше 2 лет назад

Уязвимость браузера Microsoft Edge (на базе Chromium), связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 82%

0.01774

Низкий

6.5 Medium

CVSS3