CVE-2020-1059 — Open Redirect in Microsoft Edge ON Windows 10 Version 1803 FOR 32-bit Systems

CWE-601 — Open Redirect4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

2.3%

top 15.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Edge ON Windows 10 Version 1803 FOR 32-bit Systems Microsoft Edge ON Windows 10 Version 1803 FOR Arm64-based Systems Microsoft Edge ON Windows 10 Version 1803 FOR X64-based Systems +10 more

Timeline

PublishedMay 21

Latest updateMay 24

Description

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages13 packages

▶CVEListV5microsoft/microsoft_edge_on_windows_server_2019unspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_version_1803_for_32-bit_systemsunspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_version_1809_for_32-bit_systemsunspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_version_1903_for_32-bit_systemsunspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_version_1909_for_32-bit_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-mvgv-j2f5-78mw: A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'↗2022-05-24

▶

CVEList

CVE-2020-1059: A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'↗2020-05-21

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Spoofing Vulnerability↗2020-05-12

▶