[email protected]NVD:CVE-2022-42824

HistoryNov 01, 2022 - 8:15 p.m.

CVE-2022-42824

2022-11-0120:15:24

[email protected]

web.nvd.nist.gov

logic issue

state management

tvos 16.1

macos ventura 13

watchos 9.1

safari 16.1

ios 16.1

ipados 16

sensitive information disclosure

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.4%

JSON

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.

Affected configurations

NVD

Node

applesafariRange<16.1

appleipadosRange<16.0

appleiphone_osRange<16.1

applemacosRange<13.0

appletvosRange<16.1

applewatchosRange<9.1

Node

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

fedoraprojectfedoraMatch37

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

References

www.openwall.com/lists/oss-security/2022/11/04/4

lists.debian.org/debian-lts-announce/2022/11/msg00010.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/

security.gentoo.org/glsa/202305-32

support.apple.com/en-us/HT213488

support.apple.com/en-us/HT213489

support.apple.com/en-us/HT213491

support.apple.com/en-us/HT213492

support.apple.com/en-us/HT213495

www.debian.org/security/2022/dsa-5273

www.debian.org/security/2022/dsa-5274

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for NVD:CVE-2022-42824

redhatcve1 prion1 cve1 debiancve1 cvelist1 ubuntucve1 fedora3 nessus22 debian3 openvas14 osv6 apple6 ubuntu1 mageia1 oraclelinux2 almalinux2 redhat2 gentoo1 amazon1