Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-29144 (GCVE-0-2022-29144)
Vulnerability from cvelistv5 – Published: 2023-06-29 00:47 – Updated: 2025-01-02 18:52
VLAI?
EPSS
Summary
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Severity ?
CWE
- Elevation of Privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0 , < 100.0.1185.44
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:59.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "100.0.1185.44",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "100.0.1185.44",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-04-15T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T18:52:21.465Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
}
],
"title": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-29144",
"datePublished": "2023-06-29T00:47:56.851Z",
"dateReserved": "2022-04-12T19:31:35.279Z",
"dateUpdated": "2025-01-02T18:52:21.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"100.0.1185.44\", \"matchCriteriaId\": \"881EC031-6B27-4BF3-9025-D4BFF008DABE\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability\"}]",
"id": "CVE-2022-29144",
"lastModified": "2024-11-21T06:58:34.593",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}]}",
"published": "2023-06-29T01:15:49.663",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-29144\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2023-06-29T01:15:49.663\",\"lastModified\":\"2024-11-21T06:58:34.593\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"100.0.1185.44\",\"matchCriteriaId\":\"881EC031-6B27-4BF3-9025-D4BFF008DABE\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
MSRC_CVE-2022-29144
Vulnerability from csaf_microsoft - Published: 2022-04-12 08:00 - Updated: 2023-08-01 07:00Summary
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action
Required. The vulnerability documented by this CVE requires customer action to resolve.
{
"document": {
"acknowledgments": [
{
"names": [
"\u003ca href=\"https://www.daviderceg.com/\"\u003eDavid Erceg\u003c/a\u003e"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29144 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
},
{
"category": "self",
"summary": "CVE-2022-29144 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/2022/msrc_cve-2022-29144.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"tracking": {
"current_release_date": "2023-08-01T07:00:00.000Z",
"generator": {
"date": "2025-01-02T18:51:02.285Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-29144",
"initial_release_date": "2022-04-12T08:00:00.000Z",
"revision_history": [
{
"date": "2022-04-15T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2023-08-01T07:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Updated one or more CVSS scores for the affected products. This is an informational change only."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c100.0.1185.44",
"product": {
"name": "Microsoft Edge (Chromium-based) \u003c100.0.1185.44",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "100.0.1185.44",
"product": {
"name": "Microsoft Edge (Chromium-based) 100.0.1185.44",
"product_id": "11655"
}
}
],
"category": "product_name",
"name": "Microsoft Edge (Chromium-based)"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-29144",
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.",
"title": "According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?"
},
{
"category": "faq",
"text": "Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn\u0027t allow for this type of nuance.",
"title": "Why is the severity for this CVE rated as Moderate, but the CVSS score is 8.3?"
},
{
"category": "faq",
"text": "The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.\nIn your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window\nClick on Help and Feedback\nClick on About Microsoft Edge",
"title": "Why is this Chrome CVE included in the Security Update Guide?"
},
{
"category": "faq",
"text": "100.0.1185.44: 100.0.1185.44, 4/15/2022: 4/15/2022, 100.0.4896.127: 100.0.4896.127, 100.0.1185.44: 100.0.1185.44, 4/15/2022: 4/15/2022, 100.0.4896.88: 100.0.4896.88",
"title": "What is the version information for this release?"
}
],
"product_status": {
"fixed": [
"11655"
],
"known_affected": [
"1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29144 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
},
{
"category": "self",
"summary": "CVE-2022-29144 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-15T07:00:00.000Z",
"details": "100.0.1185.44:Security Update:https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security",
"product_ids": [
"1"
],
"url": "https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Elevation of Privilege"
},
{
"category": "exploit_status",
"details": "Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely"
}
],
"title": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
]
}
GSD-2022-29144
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-29144",
"id": "GSD-2022-29144"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-29144"
],
"details": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"id": "GSD-2022-29144",
"modified": "2023-12-13T01:19:41.737501Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-29144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge (Chromium-based)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.0",
"version_value": "100.0.1185.44"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "100.0.1185.44",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-29144"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-08-01T23:15Z",
"publishedDate": "2023-06-29T01:15Z"
}
}
}
FKIE_CVE-2022-29144
Vulnerability from fkie_nvd - Published: 2023-06-29 01:15 - Updated: 2024-11-21 06:58
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | edge_chromium | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"matchCriteriaId": "881EC031-6B27-4BF3-9025-D4BFF008DABE",
"versionEndExcluding": "100.0.1185.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
],
"id": "CVE-2022-29144",
"lastModified": "2024-11-21T06:58:34.593",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2023-06-29T01:15:49.663",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2022-AVI-357
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 100.0.1185.44 bas\u00e9e sur Chromium versions 100.0.4896.127 et 100.0.4896.88",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1307"
},
{
"name": "CVE-2022-29144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29144"
},
{
"name": "CVE-2022-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1306"
},
{
"name": "CVE-2022-1308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1308"
},
{
"name": "CVE-2022-1313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1313"
},
{
"name": "CVE-2022-1314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1314"
},
{
"name": "CVE-2022-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1305"
},
{
"name": "CVE-2022-1310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1310"
},
{
"name": "CVE-2022-1312",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1312"
},
{
"name": "CVE-2022-1364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1364"
},
{
"name": "CVE-2022-1309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1309"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-357",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1364 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1308 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1308"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1313 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1313"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1306 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1306"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1309 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1309"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1312 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1312"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1307 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1307"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1314 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1314"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1310 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1310"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-29144 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1305 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1305"
}
]
}
CERTFR-2022-AVI-446
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une usurpation d'identité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge (Chromium-based) versions ant\u00e9rieures \u00e0 101.0.1210.32",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1478",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1478"
},
{
"name": "CVE-2022-1485",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1485"
},
{
"name": "CVE-2022-29147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29147"
},
{
"name": "CVE-2022-1479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1479"
},
{
"name": "CVE-2022-1307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1307"
},
{
"name": "CVE-2022-29144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29144"
},
{
"name": "CVE-2022-1498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1498"
},
{
"name": "CVE-2022-1490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1490"
},
{
"name": "CVE-2022-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1306"
},
{
"name": "CVE-2022-1497",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1497"
},
{
"name": "CVE-2022-1480",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1480"
},
{
"name": "CVE-2022-1500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1500"
},
{
"name": "CVE-2022-1308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1308"
},
{
"name": "CVE-2022-1483",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1483"
},
{
"name": "CVE-2022-1501",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1501"
},
{
"name": "CVE-2022-1495",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1495"
},
{
"name": "CVE-2022-1487",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1487"
},
{
"name": "CVE-2022-1313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1313"
},
{
"name": "CVE-2022-1484",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1484"
},
{
"name": "CVE-2022-1314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1314"
},
{
"name": "CVE-2022-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1305"
},
{
"name": "CVE-2022-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1494"
},
{
"name": "CVE-2022-1488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1488"
},
{
"name": "CVE-2022-1499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1499"
},
{
"name": "CVE-2022-1310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1310"
},
{
"name": "CVE-2022-1312",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1312"
},
{
"name": "CVE-2022-1364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1364"
},
{
"name": "CVE-2022-1491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1491"
},
{
"name": "CVE-2022-1481",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1481"
},
{
"name": "CVE-2022-1493",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1493"
},
{
"name": "CVE-2022-1486",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1486"
},
{
"name": "CVE-2022-1309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1309"
},
{
"name": "CVE-2022-1492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1492"
},
{
"name": "CVE-2022-1482",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1482"
},
{
"name": "CVE-2022-29146",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29146"
},
{
"name": "CVE-2022-1477",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1477"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1491 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1491"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1306 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1306"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1492 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1492"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1486 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1486"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1494 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1494"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1495 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1495"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1310 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1310"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1308 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1308"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1501 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1501"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1481 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1481"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-29147 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29147"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1500 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1500"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1312 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1312"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1483 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1483"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1313 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1313"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1497 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1497"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1484 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1484"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1487 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1487"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1307 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1307"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1479 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1479"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1364 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-29146 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29146"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1499 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1499"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1498 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1498"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-29144 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1477 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1477"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1485 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1485"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1478 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1478"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1490 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1490"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1493 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1493"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1309 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1309"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1482 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1482"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1488 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1488"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1305 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1305"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1314 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1314"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1480 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1480"
}
],
"reference": "CERTFR-2022-AVI-446",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une usurpation d\u0027identit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-357
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 100.0.1185.44 bas\u00e9e sur Chromium versions 100.0.4896.127 et 100.0.4896.88",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1307"
},
{
"name": "CVE-2022-29144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29144"
},
{
"name": "CVE-2022-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1306"
},
{
"name": "CVE-2022-1308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1308"
},
{
"name": "CVE-2022-1313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1313"
},
{
"name": "CVE-2022-1314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1314"
},
{
"name": "CVE-2022-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1305"
},
{
"name": "CVE-2022-1310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1310"
},
{
"name": "CVE-2022-1312",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1312"
},
{
"name": "CVE-2022-1364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1364"
},
{
"name": "CVE-2022-1309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1309"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-357",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1364 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1308 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1308"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1313 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1313"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1306 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1306"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1309 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1309"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1312 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1312"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1307 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1307"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1314 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1314"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1310 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1310"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-29144 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1305 du 15 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1305"
}
]
}
CERTFR-2022-AVI-446
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une usurpation d'identité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge (Chromium-based) versions ant\u00e9rieures \u00e0 101.0.1210.32",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1478",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1478"
},
{
"name": "CVE-2022-1485",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1485"
},
{
"name": "CVE-2022-29147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29147"
},
{
"name": "CVE-2022-1479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1479"
},
{
"name": "CVE-2022-1307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1307"
},
{
"name": "CVE-2022-29144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29144"
},
{
"name": "CVE-2022-1498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1498"
},
{
"name": "CVE-2022-1490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1490"
},
{
"name": "CVE-2022-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1306"
},
{
"name": "CVE-2022-1497",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1497"
},
{
"name": "CVE-2022-1480",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1480"
},
{
"name": "CVE-2022-1500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1500"
},
{
"name": "CVE-2022-1308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1308"
},
{
"name": "CVE-2022-1483",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1483"
},
{
"name": "CVE-2022-1501",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1501"
},
{
"name": "CVE-2022-1495",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1495"
},
{
"name": "CVE-2022-1487",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1487"
},
{
"name": "CVE-2022-1313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1313"
},
{
"name": "CVE-2022-1484",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1484"
},
{
"name": "CVE-2022-1314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1314"
},
{
"name": "CVE-2022-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1305"
},
{
"name": "CVE-2022-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1494"
},
{
"name": "CVE-2022-1488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1488"
},
{
"name": "CVE-2022-1499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1499"
},
{
"name": "CVE-2022-1310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1310"
},
{
"name": "CVE-2022-1312",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1312"
},
{
"name": "CVE-2022-1364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1364"
},
{
"name": "CVE-2022-1491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1491"
},
{
"name": "CVE-2022-1481",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1481"
},
{
"name": "CVE-2022-1493",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1493"
},
{
"name": "CVE-2022-1486",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1486"
},
{
"name": "CVE-2022-1309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1309"
},
{
"name": "CVE-2022-1492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1492"
},
{
"name": "CVE-2022-1482",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1482"
},
{
"name": "CVE-2022-29146",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29146"
},
{
"name": "CVE-2022-1477",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1477"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1491 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1491"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1306 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1306"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1492 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1492"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1486 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1486"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1494 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1494"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1495 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1495"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1310 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1310"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1308 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1308"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1501 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1501"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1481 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1481"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-29147 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29147"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1500 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1500"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1312 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1312"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1483 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1483"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1313 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1313"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1497 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1497"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1484 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1484"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1487 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1487"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1307 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1307"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1479 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1479"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1364 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-29146 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29146"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1499 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1499"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1498 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1498"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-29144 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1477 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1477"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1485 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1485"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1478 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1478"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1490 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1490"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1493 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1493"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1309 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1309"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1482 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1482"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1488 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1488"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1305 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1305"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1314 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1314"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-1480 du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1480"
}
],
"reference": "CERTFR-2022-AVI-446",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une usurpation d\u0027identit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 mai 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
GHSA-RVMM-RM93-GQ2J
Vulnerability from github – Published: 2023-06-29 03:30 – Updated: 2024-04-04 05:16
VLAI?
Details
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Severity ?
8.3 (High)
{
"affected": [],
"aliases": [
"CVE-2022-29144"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-29T01:15:49Z",
"severity": "HIGH"
},
"details": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"id": "GHSA-rvmm-rm93-gq2j",
"modified": "2024-04-04T05:16:45Z",
"published": "2023-06-29T03:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29144"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…