Microsoft Edge Information Disclosure Vulnerability - CVE-2018-8366ID: oval:org.secpod.oval:def:47411 | Date: (C)2018-09-12 (M)2024-01-19 |
Class: VULNERABILITY | Family: windows |
An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type. An attacker could use the vulnerability to read the URL of a cross-origin request. Websites that that do not securely populate the URL with confidential information could allow information to be disclosed to an attacker. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, the user must be logged on to a website that does not securely populate URLs with confidential information. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince the user to take action. For example, an attacker could trick a user into clicking a link that takes them to the attacker's site.
Platform: |
Microsoft Windows 10 |