CVE-2023-38599

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/08/02/1	Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/
https://lists.fedoraproject.org/archives/list/[email protected]/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/
https://security.gentoo.org/glsa/202401-04
https://support.apple.com/en-us/HT213841	Vendor Advisory
https://support.apple.com/en-us/HT213842	Vendor Advisory
https://support.apple.com/en-us/HT213843	Vendor Advisory
https://support.apple.com/en-us/HT213846	Vendor Advisory
https://support.apple.com/en-us/HT213847	Vendor Advisory
https://support.apple.com/en-us/HT213848	Vendor Advisory
https://www.debian.org/security/2023/dsa-5468
http://www.openwall.com/lists/oss-security/2023/08/02/1	Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/
https://lists.fedoraproject.org/archives/list/[email protected]/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/
https://security.gentoo.org/glsa/202401-04
https://support.apple.com/en-us/HT213841	Vendor Advisory
https://support.apple.com/en-us/HT213842	Vendor Advisory
https://support.apple.com/en-us/HT213843	Vendor Advisory
https://support.apple.com/en-us/HT213846	Vendor Advisory
https://support.apple.com/en-us/HT213847	Vendor Advisory
https://support.apple.com/en-us/HT213848	Vendor Advisory
https://www.debian.org/security/2023/dsa-5468

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

21 Nov 2024, 08:13

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2023/08/02/1 - Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2023/08/02/1 - Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/[email protected]/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/ -~~	() https://lists.fedoraproject.org/archives/list/[email protected]/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/ -
References	~~() https://lists.fedoraproject.org/archives/list/[email protected]/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/ -~~	() https://lists.fedoraproject.org/archives/list/[email protected]/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/ -
References	~~() https://security.gentoo.org/glsa/202401-04 -~~	() https://security.gentoo.org/glsa/202401-04 -
References	~~() https://support.apple.com/en-us/HT213841 - Vendor Advisory~~	() https://support.apple.com/en-us/HT213841 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT213842 - Vendor Advisory~~	() https://support.apple.com/en-us/HT213842 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT213843 - Vendor Advisory~~	() https://support.apple.com/en-us/HT213843 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT213846 - Vendor Advisory~~	() https://support.apple.com/en-us/HT213846 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT213847 - Vendor Advisory~~	() https://support.apple.com/en-us/HT213847 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT213848 - Vendor Advisory~~	() https://support.apple.com/en-us/HT213848 - Vendor Advisory
References	~~() https://www.debian.org/security/2023/dsa-5468 -~~	() https://www.debian.org/security/2023/dsa-5468 -

Information

Published : 2023-07-28 05:15

Updated : 2024-11-21 08:13

NVD link : CVE-2023-38599

Mitre link : CVE-2023-38599

CVE.ORG link : CVE-2023-38599

JSON object : View

Products Affected

apple

CWE

NVD-CWE-noinfo

6.5 /10