Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-235J-2P37-2VFQ
Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08
VLAI
Details
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-0728"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-11T22:15:00Z",
"severity": "MODERATE"
},
"details": "An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka \u0027Windows Modules Installer Service Information Disclosure Vulnerability\u0027.",
"id": "GHSA-235j-2p37-2vfq",
"modified": "2022-05-24T17:08:31Z",
"published": "2022-05-24T17:08:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0728"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2020/Feb/21"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156394/Microsoft-Windows-Modules-Installer-Service-Information-Disclosure.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Feb/16"
}
],
"schema_version": "1.4.0",
"severity": []
}
CVE-2020-0728 (GCVE-0-2020-0728)
Vulnerability from cvelistv5 – Published: 2020-02-11 21:23 – Updated: 2024-08-04 06:11
VLAI
EPSS
VEX
Summary
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| https://seclists.org/bugtraq/2020/Feb/21 | mailing-listx_refsource_BUGTRAQ |
| http://packetstormsecurity.com/files/156394/Micro… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2020/Feb/16 | mailing-listx_refsource_FULLDISC |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows |
Affected:
10 Version 1803 for 32-bit Systems
Affected: 10 Version 1803 for x64-based Systems Affected: 10 Version 1803 for ARM64-based Systems Affected: 10 Version 1809 for 32-bit Systems Affected: 10 Version 1809 for x64-based Systems Affected: 10 Version 1809 for ARM64-based Systems Affected: 10 Version 1709 for 32-bit Systems Affected: 10 Version 1709 for x64-based Systems Affected: 10 Version 1709 for ARM64-based Systems Affected: 10 Version 1607 for 32-bit Systems Affected: 10 Version 1607 for x64-based Systems |
|
| Microsoft | Windows Server |
Affected:
version 1803 (Core Installation)
Affected: 2019 Affected: 2019 (Core installation) Affected: 2016 Affected: 2016 (Core installation) |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
unspecified
|
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
unspecified
|
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
unspecified
|
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
unspecified
|
|
| Microsoft | Windows 10 Version 1909 for 32-bit Systems |
Affected:
unspecified
|
|
| Microsoft | Windows 10 Version 1909 for x64-based Systems |
Affected:
unspecified
|
|
| Microsoft | Windows 10 Version 1909 for ARM64-based Systems |
Affected:
unspecified
|
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
unspecified
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728"
},
{
"name": "20200216 CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156394/Microsoft-Windows-Modules-Installer-Service-Information-Disclosure.html"
},
{
"name": "20200218 CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1607 for x64-based Systems"
}
]
},
{
"product": "Windows Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1803 (Core Installation)"
},
{
"status": "affected",
"version": "2019"
},
{
"status": "affected",
"version": "2019 (Core installation)"
},
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2016 (Core installation)"
}
]
},
{
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka \u0027Windows Modules Installer Service Information Disclosure Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-18T18:06:20.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728"
},
{
"name": "20200216 CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156394/Microsoft-Windows-Modules-Installer-Service-Information-Disclosure.html"
},
{
"name": "20200218 CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows",
"version": {
"version_data": [
{
"version_value": "10 Version 1803 for 32-bit Systems"
},
{
"version_value": "10 Version 1803 for x64-based Systems"
},
{
"version_value": "10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "10 Version 1809 for 32-bit Systems"
},
{
"version_value": "10 Version 1809 for x64-based Systems"
},
{
"version_value": "10 Version 1809 for ARM64-based Systems"
},
{
"version_value": "10 Version 1709 for 32-bit Systems"
},
{
"version_value": "10 Version 1709 for x64-based Systems"
},
{
"version_value": "10 Version 1709 for ARM64-based Systems"
},
{
"version_value": "10 Version 1607 for 32-bit Systems"
},
{
"version_value": "10 Version 1607 for x64-based Systems"
}
]
}
},
{
"product_name": "Windows Server",
"version": {
"version_data": [
{
"version_value": "version 1803 (Core Installation)"
},
{
"version_value": "2019"
},
{
"version_value": "2019 (Core installation)"
},
{
"version_value": "2016"
},
{
"version_value": "2016 (Core installation)"
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka \u0027Windows Modules Installer Service Information Disclosure Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728"
},
{
"name": "20200216 CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/21"
},
{
"name": "http://packetstormsecurity.com/files/156394/Microsoft-Windows-Modules-Installer-Service-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156394/Microsoft-Windows-Modules-Installer-Service-Information-Disclosure.html"
},
{
"name": "20200218 CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Feb/16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0728",
"datePublished": "2020-02-11T21:23:15.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:11:05.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…