Lucene search

[email protected]NVD:CVE-2023-23520

HistoryFeb 27, 2023 - 8:15 p.m.

CVE-2023-23520

2023-02-2720:15:14

CWE-367

[email protected]

web.nvd.nist.gov

race condition

validation

security fix

arbitrary files

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.2%

JSON

A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.

Affected configurations

NVD

Node

appleipadosRange<16.3

appleiphone_osRange<16.3

applemacosRange<13.2

References

support.apple.com/en-us/HT213599

support.apple.com/en-us/HT213601

support.apple.com/en-us/HT213605

support.apple.com/en-us/HT213606

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.2%

JSON

Related for NVD:CVE-2023-23520

prion1 cvelist1 cve1 thn1 apple4 nessus1 openvas1