{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Jos\u0026#233; Miguel Moreno with \u003ca href=\"https://cosec.inf.uc3m.es/\"\u003eCOSEC (UC3M)\u003c/a\u003e"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2024-20675 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675"
      },
      {
        "category": "self",
        "summary": "CVE-2024-20675 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2024/msrc_cve-2024-20675.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability",
    "tracking": {
      "current_release_date": "2024-01-18T08:00:00.000Z",
      "generator": {
        "date": "2025-05-03T01:46:23.025Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2024-20675",
      "initial_release_date": "2024-01-09T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-01-11T08:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2024-01-18T08:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Updated FAQ information. This is an informational change only."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c120.0.2210.133",
            "product": {
              "name": "Microsoft Edge (Chromium-based) \u003c120.0.2210.133",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "120.0.2210.133",
            "product": {
              "name": "Microsoft Edge (Chromium-based) 120.0.2210.133",
              "product_id": "11655"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Edge (Chromium-based)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-20675",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "The attacker would be able to bypass the protection in Edge that prevents a potentially dangerous extension from being downloaded or updated.",
          "title": "What kind of security feature could be bypassed by successfully exploiting this vulnerability?"
        },
        {
          "category": "faq",
          "text": "The user would have to click on a specially crafted URL to be compromised by the attacker.",
          "title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
        },
        {
          "category": "faq",
          "text": "Stable: Stable, 120.0.2210.133: 120.0.2210.133, 120.0.6099.216/217: 120.0.6099.216/217, 1/11/2024: 1/11/2024",
          "title": "What is the version information for this release?"
        },
        {
          "category": "faq",
          "text": "Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, \u0026quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded\u0026quot;. The CVSS scoring system doesn\u0027t allow for this type of nuance.",
          "title": "Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?"
        },
        {
          "category": "faq",
          "text": "While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.",
          "title": "According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "The user would have to click on install to be compromised by the attacker.",
          "title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
        }
      ],
      "product_status": {
        "fixed": [
          "11655"
        ],
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-20675 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675"
        },
        {
          "category": "self",
          "summary": "CVE-2024-20675 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2024/msrc_cve-2024-20675.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-01-11T08:00:00.000Z",
          "details": "120.0.2210.133:Security Update:https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security",
          "product_ids": [
            "1"
          ],
          "url": "https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Security Feature Bypass"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
    }
  ]
}

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-20675",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-20675"
    }
  },
  "description": "Microsoft Edge\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eWindows 10\u4e4b\u540e\u7248\u672c\u7cfb\u7edf\u9644\u5e26\u7684Web\u6d4f\u89c8\u5668\u3002\n\nMicrosoft Edge (Chromium-based)\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-07800",
  "openTime": "2024-02-05",
  "patchDescription": "Microsoft Edge\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eWindows 10\u4e4b\u540e\u7248\u672c\u7cfb\u7edf\u9644\u5e26\u7684Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft Edge (Chromium-based)\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Edge (Chromium-based)\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Edge (Chromium-based)"
  },
  "referenceLink": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675",
  "serverity": "\u9ad8",
  "submitTime": "2024-01-16",
  "title": "Microsoft Edge (Chromium-based)\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Edge ist ein Web Browser von Microsoft.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann eine Schwachstelle in Microsoft Edge ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und um einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Android",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0076 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0076.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0076 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0076"
      },
      {
        "category": "external",
        "summary": "Release notes for Microsoft Edge Security Updates vom 2024-01-11",
        "url": "https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Edge: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-11T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:03:35.739+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0076",
      "initial_release_date": "2024-01-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft Edge \u003c 120.0.2210.133",
            "product": {
              "name": "Microsoft Edge \u003c 120.0.2210.133",
              "product_id": "T032021",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:edge:120.0.2210.133"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-21337",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Diese Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2024-21337"
    },
    {
      "cve": "CVE-2024-20721",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Diese Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2024-20721"
    },
    {
      "cve": "CVE-2024-20709",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Diese Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2024-20709"
    },
    {
      "cve": "CVE-2024-20675",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Diese Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2024-20675"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Edge ist ein Web Browser von Microsoft.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann eine Schwachstelle in Microsoft Edge ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und um einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Android",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0076 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0076.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0076 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0076"
      },
      {
        "category": "external",
        "summary": "Release notes for Microsoft Edge Security Updates vom 2024-01-11",
        "url": "https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Edge: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-11T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:03:35.739+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0076",
      "initial_release_date": "2024-01-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft Edge \u003c 120.0.2210.133",
            "product": {
              "name": "Microsoft Edge \u003c 120.0.2210.133",
              "product_id": "T032021",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:edge:120.0.2210.133"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-21337",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Diese Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2024-21337"
    },
    {
      "cve": "CVE-2024-20721",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Diese Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2024-20721"
    },
    {
      "cve": "CVE-2024-20709",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Diese Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2024-20709"
    },
    {
      "cve": "CVE-2024-20675",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Diese Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2024-20675"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge versions ant\u00e9rieures \u00e0 120.0.2336.0",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-20675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20675"
    },
    {
      "name": "CVE-2024-21337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21337"
    },
    {
      "name": "CVE-2024-20721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20721"
    },
    {
      "name": "CVE-2024-0333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0333"
    },
    {
      "name": "CVE-2024-20709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20709"
    }
  ],
  "initial_release_date": "2024-01-12T00:00:00",
  "last_revision_date": "2024-01-12T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20675 du 11 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20709 du 11 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-0333 du 11 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0333"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21337 du 11 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21337"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20721 du 11 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721"
    }
  ],
  "reference": "CERTFR-2024-AVI-0029",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code arbitraire\n\u00e0 distance et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CC1657-459B-4112-820C-6725AA0F9DD7",
              "versionEndExcluding": "120.0.2210.133",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de omisi\u00f3n de caracter\u00edstica de seguridad de Microsoft Edge (basada en Chromium)"
    }
  ],
  "id": "CVE-2024-20675",
  "lastModified": "2024-11-21T08:52:53.853",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-11T21:15:13.073",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "GSD": {
    "alias": "CVE-2024-20675",
    "id": "GSD-2024-20675"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-20675"
      ],
      "details": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability",
      "id": "GSD-2024-20675",
      "modified": "2023-12-13T01:21:42.904337Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2024-20675",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Edge (Chromium-based)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.0.0",
                          "version_value": "120.0.2210.133"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Security Feature Bypass"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "68CC1657-459B-4112-820C-6725AA0F9DD7",
                    "versionEndExcluding": "120.0.2210.133",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
          },
          {
            "lang": "es",
            "value": "Vulnerabilidad de omisi\u00f3n de caracter\u00edstica de seguridad de Microsoft Edge (basada en Chromium)"
          }
        ],
        "id": "CVE-2024-20675",
        "lastModified": "2024-01-18T19:14:08.637",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.4,
              "source": "secure@microsoft.com",
              "type": "Primary"
            }
          ]
        },
        "published": "2024-01-11T21:15:13.073",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

{
  "affected": [],
  "aliases": [
    "CVE-2024-20675"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-11T21:15:13Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability",
  "id": "GHSA-wcjc-4hjg-fqmg",
  "modified": "2024-01-11T21:31:22Z",
  "published": "2024-01-11T21:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20675"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}