Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Microsoft MotW indistinguishable descriptions #3

Open
zmanion opened this issue Dec 7, 2022 · 0 comments
Open

Microsoft MotW indistinguishable descriptions #3

zmanion opened this issue Dec 7, 2022 · 0 comments

Comments

@zmanion
Copy link
Owner

zmanion commented Dec 7, 2022

The descriptions for CVE-2022-41049 and CVE-2022-41091 are identical except for description text stating that each is not the other and the descriptions do not convey sufficient information to uniquely identify vulnerabilities.

CVE-2022-41049 description:

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41091.

CVE-2022-41091 description:

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049.

These descriptions do seem to meet the minimum requirements in 8.2.3 (Vulnerability Type is provided):

8.2.3 MUST include one of the following:
a. Vulnerability Type
b. Root Cause
c. Impact

https://cve.mitre.org/cve/cna/CNA_Rules_v3.0.pdf

CC @wdormann
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
CVE
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zmanion