CVE-2018-8567 — Microsoft Edge vulnerability

4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

3.0%

top 13.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Edge

Timeline

PublishedNov 14

Latest updateMay 13

Description

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶CVEListV5microsoft/microsoft_edge10 versions+9

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-3c9x-2mx6-v84j: An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to a↗2022-05-13

▶

CVEList

CVE-2018-8567: An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to a↗2018-11-14

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Elevation of Privilege Vulnerability↗2018-11-13

▶