Lucene search
HistoryFeb 27, 2023 - 8:15 p.m.
CVE-2023-23520
race condition
validation
security fix
arbitrary files
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
4.8
Confidence
High
EPSS
0.002
Percentile
53.9%
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.
Affected configurations
Node
appleipadosRange<16.3
ORappleiphone_osRange<16.3
ORapplemacosRange<13.2
Related
cve
cve
CVE-2023-23520
2023-02-27 20:15:14
prion
prion
Race condition
2023-02-27 20:15:00
cvelist
cvelist
CVE-2023-23520
2023-02-27 00:00:00
thn
thn
Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices
2023-02-22 12:56:00
apple
apple
About the security content of tvOS 16.3
2023-01-24 00:00:00
About the security content of watchOS 9.3
2023-01-23 00:00:00
About the security content of iOS 16.3 and iPadOS 16.3
2023-01-23 00:00:00
nessus
nessus
Apple TV < 16.3 Multiple Vulnerabilities (HT213601)
2024-06-14 00:00:00
openvas
openvas
Apple Mac OS X Security Update (HT213603)
2023-01-25 00:00:00
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
4.8
Confidence
High
EPSS
0.002
Percentile
53.9%
Related for NVD:CVE-2023-23520