CVE-2023-38174: 
vulnerability analysis and mitigation

CVE-2023-38174 is an Information Disclosure vulnerability affecting Microsoft Edge (Chromium-based). The vulnerability was discovered and disclosed to Microsoft, with the initial CVE record being created on July 12, 2023, and publicly disclosed on December 7, 2023. This vulnerability affects Microsoft Edge versions prior to 120.0.2210.61 (NVD, Microsoft).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, requires user interaction, has a limited confidentiality impact, and no impact on integrity or availability (NVD).

The vulnerability could lead to unauthorized information disclosure if successfully exploited. The confidentiality impact is rated as Low (L) according to the CVSS score, indicating potential exposure of some restricted information (Microsoft).

Microsoft has released a security update to address this vulnerability in Edge version 120.0.2210.61. Users and administrators are advised to update to this version or later to mitigate the vulnerability (Lansweeper).