mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
198 lines
6.2 KiB
JSON
198 lines
6.2 KiB
JSON
{
|
|
"id": "CVE-2023-42893",
|
|
"sourceIdentifier": "product-security@apple.com",
|
|
"published": "2024-03-28T16:15:07.903",
|
|
"lastModified": "2024-06-10T18:15:23.210",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se solucion\u00f3 un problema de permisos eliminando el c\u00f3digo vulnerable y agregando comprobaciones adicionales. Este problema se solucion\u00f3 en macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 y iPadOS 17.2, iOS 16.7.3 y iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Es posible que una aplicaci\u00f3n pueda acceder a datos de usuario protegidos."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 3.6
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "16.7.3",
|
|
"matchCriteriaId": "158A9F27-6C9F-4B9A-82EC-087E6B79E1F7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "17.0",
|
|
"versionEndExcluding": "17.2",
|
|
"matchCriteriaId": "D0997B97-8D18-41AC-85DD-3605A5DBCA35"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "16.7.3",
|
|
"matchCriteriaId": "F5968985-0FC1-4280-96AE-B0E55156B2C9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "17.0",
|
|
"versionEndExcluding": "17.2",
|
|
"matchCriteriaId": "C6DB531C-9534-461D-87D4-C2BA2BD1D9F6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.0",
|
|
"versionEndExcluding": "12.7.2",
|
|
"matchCriteriaId": "81F8AB85-34DB-4536-ADDE-D0EB5DEBFD85"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.0",
|
|
"versionEndExcluding": "13.6.3",
|
|
"matchCriteriaId": "E270DF97-8603-42D8-A31C-FCD89A7D2F1E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "14.0",
|
|
"versionEndExcluding": "14.2",
|
|
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "17.2",
|
|
"matchCriteriaId": "780F2778-8AE1-4C48-8ADF-D4B7D44C3987"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "10.2",
|
|
"matchCriteriaId": "1183933F-F52A-45A7-B118-FC8B8BDD5509"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://seclists.org/fulldisclosure/2024/May/10",
|
|
"source": "product-security@apple.com"
|
|
},
|
|
{
|
|
"url": "http://seclists.org/fulldisclosure/2024/May/12",
|
|
"source": "product-security@apple.com"
|
|
},
|
|
{
|
|
"url": "https://support.apple.com/en-us/HT214034",
|
|
"source": "product-security@apple.com",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.apple.com/en-us/HT214035",
|
|
"source": "product-security@apple.com",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.apple.com/en-us/HT214036",
|
|
"source": "product-security@apple.com",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.apple.com/en-us/HT214037",
|
|
"source": "product-security@apple.com",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.apple.com/en-us/HT214038",
|
|
"source": "product-security@apple.com",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.apple.com/en-us/HT214040",
|
|
"source": "product-security@apple.com",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.apple.com/en-us/HT214041",
|
|
"source": "product-security@apple.com",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.apple.com/kb/HT214101",
|
|
"source": "product-security@apple.com"
|
|
},
|
|
{
|
|
"url": "https://support.apple.com/kb/HT214106",
|
|
"source": "product-security@apple.com"
|
|
}
|
|
]
|
|
} |