Skip to content

Microsoft MotW indistinguishable descriptions #3

New issue
New issue
Open
Open
Microsoft MotW indistinguishable descriptions#3
@zmanion

Description

@zmanion
zmanion
opened on Dec 7, 2022

The descriptions for CVE-2022-41049 and CVE-2022-41091 are identical except for description text stating that each is not the other and the descriptions do not convey sufficient information to uniquely identify vulnerabilities.

CVE-2022-41049 description:

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41091.

CVE-2022-41091 description:

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049.

These descriptions do seem to meet the minimum requirements in 8.2.3 (Vulnerability Type is provided):

8.2.3 MUST include one of the following:
a. Vulnerability Type
b. Root Cause
c. Impact

https://cve.mitre.org/cve/cna/CNA_Rules_v3.0.pdf

CC @wdormann

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    CVE

    Status

    Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions