CVE-2020-1195Improper Input Validation in Microsoft Edge

CWE-20Improper Input ValidationCWE-269Improper Privilege Management4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
5.7%
top 9.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Edge
Timeline
PublishedMay 21
Latest updateMay 24

Description

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

CVEListV5microsoft/microsoft_edgeunspecified

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-p4m4-hrvw-wv96: An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microso2022-05-24
CVEList
CVE-2020-1195: An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microso2020-05-21

📋Vendor Advisories

1
Microsoft
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability2020-05-12
CVE-2020-1195 — Improper Input Validation in Microsoft | cvebase