CVE-2024-49054

Опубликовано: 21 нояб. 2024

Источник: msrc

CVSS3: 4.3

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Spoofing Vulnerability

FAQ

What is the version information for this release?

Microsoft Edge Version	Date Released	Based on Chromium Version
131.0.2903.63	11/21/2024	131.0.6778.85/.86

According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability

An attacker could create a long URL for a download domain so that when Edge displays the entire URL the main part of the domain gets cut off.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

EPSS

Процентиль: 32%

0.00126

Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2024-49054

CVSS3: 4.3

nvd

около 1 года назад

Microsoft Edge (Chromium-based) Spoofing Vulnerability

GHSA-92xr-2g8g-228q

CVSS3: 4.3

github

около 1 года назад

Microsoft Edge (Chromium-based) Spoofing Vulnerability

BDU:2025-02248

CVSS3: 4.3

fstec

около 1 года назад

Уязвимость браузера Microsoft Edge, связанная с отсутствием предупреждений об опасных действиях, позволяющая нарушителю проводить спуфинг атаки

EPSS

Процентиль: 32%

0.00126

Низкий

4.3 Medium

CVSS3