CVE-2024-29986 : Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

Published 2024-04-18 19:15:11

Updated 2025-01-17 15:49:13

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2024-29986

Microsoft » Edge Chromium
Versions before (<) 124.0.2478.51
cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Matching versions
When used together with: Google » Android » Version: N/A

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 55 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	2.8	2.5	Microsoft Corporation	2024-04-18
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None
5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/...	N/A	N/A	MS-CVE-2024-29986	2024-04-18
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

Assigned by: secure@microsoft.com (Secondary)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29986

CVE-2024-29986 - Security Update Guide - Microsoft - Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
Vendor Advisory

Jump to