CVE-2020-1056Incorrect Permission Assignment in Microsoft Edge ON Windows 10 Version 1607 FOR 32-bit Systems

CWE-732Incorrect Permission AssignmentCWE-1056Invokable Control Element with Variadic ParametersCWE-1188Initialization of a Resource with an Insecure DefaultCWE-287Improper AuthenticationCWE-306Missing Authentication for Critical Function5 documents5 sources
Severity
8.1HIGHNVD
EPSS
14.8%
top 5.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
19
Microsoft Edge ON Windows 10 Version 1607 FOR 32-bit SystemsMicrosoft Edge ON Windows 10 Version 1607 FOR X64-based SystemsMicrosoft Edge ON Windows 10 Version 1709 FOR 32-bit Systems+16 more
Timeline
PublishedMay 21
Latest updateMay 24

Description

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages19 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-mg74-7m97-36j6: An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to a2022-05-24
GHSA
Authentication bypass in Apache Airflow2021-04-30
CVEList
CVE-2020-1056: An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to a2020-05-21

📋Vendor Advisories

1
Microsoft
Microsoft Edge Elevation of Privilege Vulnerability2020-05-12
CVE-2020-1056 — Incorrect Permission Assignment | cvebase