GoogleOSV:GHSA-93C7-2942-3H47ChakraCore information disclosure vulnerability
4.2 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.009 Low
EPSS
Percentile
82.1%
An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka âMicrosoft Scripting Engine Information Disclosure Vulnerability.â This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
References
github.com/chakra-core/ChakraCore
github.com/chakra-core/ChakraCore/commit/e03b3e30160ac5846b246931634962ce6bd1db83
github.com/chakra-core/ChakraCore/pull/5688
nvd.nist.gov/vuln/detail/CVE-2018-8315
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8315
web.archive.org/web/20210124203128/www.securityfocus.com/bid/105251
web.archive.org/web/20211206083609/https://securitytracker.com/id/1041623
Related
4.2 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.009 Low
EPSS
Percentile
82.1%