CVE-2023-28303

2023-06-1317:15:14

CWE-359

microsoft

web.nvd.nist.gov

1292

cve-2023-28303

information disclosure

vulnerability

nvd

windows snipping tool

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

Windows Snipping Tool Information Disclosure Vulnerability

Affected configurations

Nvd

Vulners

Node

microsoftsnip_\&_sketchRange9.0–10.2008.3001.0

microsoftsnipping_toolRange11.0.0–11.2302.20.0

VendorProductVersionCPE
microsoftsnip_\&_sketch*cpe:2.3:a:microsoft:snip_\&_sketch:*:*:*:*:*:*:*:*
microsoftsnipping_tool*cpe:2.3:a:microsoft:snipping_tool:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	snip_\&_sketch	*	cpe:2.3:a:microsoft:snip_\&_sketch::::::::
microsoft	snipping_tool	*	cpe:2.3:a:microsoft:snipping_tool::::::::

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Snipping Tool",
    "cpes": [
      "cpe:2.3:a:microsoft:snipping_tool:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "11.0.0",
        "lessThan": "11.2302.20.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Snip & Sketch for Windows 10",
    "cpes": [
      "cpe:2.3:a:microsoft:snip_and_sketch:*:*:*:*:*:windows_10:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "9.0",
        "lessThan": "10.2008.3001.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]