CVE-2018-8366 — Sensitive Information Exposure in Microsoft Edge

CWE-200 — Sensitive Information Exposure8 documents7 sources

Severity

3.1LOWNVD

EPSS

15.6%

top 5.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Edge

Timeline

PublishedSep 13

Latest updateMay 14

Description

An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5microsoft/microsoft_edgeWindows 10 Version 1803 for 32-bit Systems, Windows 10 Version 1803 for x64-based Systems+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-m3qg-3g4c-5jwm: An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Inf↗2022-05-14

▶

CVEList

CVE-2018-8366: An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Inf↗2018-09-13

▶

💥Exploits & PoCs

Exploit-DB

Phoenix Contact WebVisit 6.40.00 - Password Disclosure↗2018-10-11

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Information Disclosure Vulnerability↗2018-09-11

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - September 2018↗2018-09-11

▶

Talos

Microsoft Patch Tuesday - September 2018↗2018-09-11

▶

💬Community

Bugzilla

Stealing of URL cross-domain using performance.getEntries() once again, treat meta refresh channel as a redirect by setting result principal URL↗2018-06-13

▶