CVE-2019-1030 — Sensitive Information Exposure in Microsoft Edge

CWE-200 — Sensitive Information Exposure6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

21.4%

top 4.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Edge

Timeline

PublishedAug 14

Latest updateMay 24

Description

An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially c…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5microsoft/microsoft_edge1.0..0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-78p9-q5qg-rg87: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka 'Microsoft Edge Information Disclosure Vu↗2022-05-24

▶

CVEList

Microsoft Edge based on Edge HTML Information Disclosure Vulnerability↗2019-08-14

▶

📋Vendor Advisories

Microsoft

Microsoft Edge based on Edge HTML Information Disclosure Vulnerability↗2019-08-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage↗2019-08-13

▶

Talos

Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage↗2019-08-13

▶