Rewterz Threat Advisory – CVE-2022-1162 – GitLab Password Security Vulnerability
April 4, 2022Rewterz Threat Advisory – Multiple GitLab Vulnerabilities
April 5, 2022Rewterz Threat Advisory – CVE-2022-1162 – GitLab Password Security Vulnerability
April 4, 2022Rewterz Threat Advisory – Multiple GitLab Vulnerabilities
April 5, 2022Severity
High
Analysis Summary
CVE-2022-26912 CVSS:8.3
Microsoft Edge could allow a remote attacker to gain elevated privileges on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-26909 CVSS:8.3
Microsoft Edge (Chromium-based) could allow a remote attacker to gain elevated privileges on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-26908 CVSS:8.3
Microsoft Edge (Chromium-based) could allow a remote attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-26900 CVSS:8.3
Microsoft Edge (Chromium-based) could allow a remote attacker to gain elevated privileges on the system. By persuading a victim to open a specially-crafted content, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-26895 CVSS:8.3
Microsoft Edge (Chromium-based) could allow a remote attacker to gain elevated privileges on the system. By persuading a victim to open a specially-crafted content, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-26894 CVSS:8.3
Microsoft Edge (Chromium-based) could allow a remote attacker to gain elevated privileges on the system. By persuading a victim to open a specially-crafted content, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-26891 CVSS:8.3
Microsoft Edge (Chromium-based) could allow a remote attacker to gain elevated privileges on the system. By persuading a victim to open a specially-crafted content, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-24475 CVSS:8.3
Microsoft Edge (Chromium-based) allow a remote attacker to gain elevated privileges on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2022-24523 CVSS:4.3
Microsoft Edge (Chromium-based) could allow a remote attacker to conduct spoofing attacks.
Impact
- Privilege Escalation
- Gain Access
Indicator Of Compromise
CVE
- CVE-2022-26912
- CVE-2022-26909
- CVE-2022-26908
- CVE-2022-26900
- CVE-2022-26895
- CVE-2022-26894
- CVE-2022-26891
- CVE-2022-24475
- CVE-2022-24523
Affected Vendors
- Microsoft
Affected Products
- Microsoft Edge (Chromium-based)
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.