github - ghsa-vr2w-wm3v-j642

ghsa-vr2w-wm3v-j642

Vulnerability from github

Published

2022-05-13 01:53

Modified

2022-05-13 01:53

Severity

4.6 (Medium) - CVSS_V3 - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-8253"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-15T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka \"Microsoft Cortana Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10.",
  "id": "GHSA-vr2w-wm3v-j642",
  "modified": "2022-05-13T01:53:36Z",
  "published": "2022-05-13T01:53:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8253"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105009"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041477"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2018-8253

Vulnerability from cvelistv5

Published

2018-08-15 17:00

Modified

2024-08-05 06:46

Severity

Summary

An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10.

References

URL	Tags
http://www.securitytracker.com/id/1041477	vdb-entry, x_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253	x_refsource_CONFIRM
http://www.securityfocus.com/bid/105009	vdb-entry, x_refsource_BID

Impacted products

Vendor	Product
Microsoft	Windows Server 2016
Microsoft	Windows 10

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041477",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041477"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253"
          },
          {
            "name": "105009",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "(Server Core installation)"
            }
          ]
        },
        {
          "product": "Windows 10",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Version 1607 for x64-based Systems"
            }
          ]
        }
      ],
      "datePublic": "2018-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka \"Microsoft Cortana Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-16T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1041477",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041477"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253"
        },
        {
          "name": "105009",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105009"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8253",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Windows Server 2016",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(Server Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "Version 1607 for x64-based Systems"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka \"Microsoft Cortana Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041477",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041477"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8253"
            },
            {
              "name": "105009",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105009"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8253",
    "datePublished": "2018-08-15T17:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:46:13.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.