Lucene search

[email protected]NVD:CVE-2023-40384

HistorySep 27, 2023 - 3:19 p.m.

CVE-2023-40384

2023-09-2715:19:04

[email protected]

web.nvd.nist.gov

permissions issue

redaction

sensitive information

tvos 17

ios 17

ipados 17

macos sonoma 14

sensitive location information

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

3.9 Low

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.2%

JSON

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

Affected configurations

NVD

Node

appleipadosRange<17.0

appleiphone_osRange<17.0

applemacosRange<14.0

appletvosRange<17.0

References

seclists.org/fulldisclosure/2023/Oct/10

seclists.org/fulldisclosure/2023/Oct/3

seclists.org/fulldisclosure/2023/Oct/8

support.apple.com/en-us/HT213936

support.apple.com/en-us/HT213938

support.apple.com/en-us/HT213940

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

3.9 Low

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.2%

JSON

Related for NVD:CVE-2023-40384

prion1 cve1 cvelist1 apple3 nessus1 openvas1