CVE-2024-21423

Опубликовано: 23 фев. 2024

Источник: msrc

CVSS3: 4.8

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

FAQ

Microsoft Edge Channel	Microsoft Edge Version	Date Released	Based on Chromium Version
Stable	122.0.2365.52	2/23/2024	122.0.6261.57/.58

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?

Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained.

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?

The attacker who successfully exploited the vulnerability could have limited ability to perform code execution.

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 80%

0.01386

Низкий

4.8 Medium

CVSS3

Связанные уязвимости

CVE-2024-21423

CVSS3: 4.8

nvd

почти 2 года назад

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

GHSA-h92p-2jv6-wm6r

CVSS3: 4.8

github

почти 2 года назад

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

BDU:2024-01571

CVSS3: 4.8

fstec

почти 2 года назад

Уязвимость браузера Microsoft Edge, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 80%

0.01386

Низкий

4.8 Medium

CVSS3