{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-01-11T00:00:00", "descriptions": [{"lang": "en", "value": "In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-15T17:06:09", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "DSA-4243", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4243"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208849"}, {"name": "GLSA-201908-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-08"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2018-4183", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-4243", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4243"}, {"name": "https://support.apple.com/HT208849", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208849"}, {"name": "GLSA-201908-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-08"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:04:29.854Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-4243", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4243"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT208849"}, {"name": "GLSA-201908-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201908-08"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2018-4183", "datePublished": "2019-01-11T18:00:00", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2024-08-05T05:04:29.854Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0B9799C-6891-4D51-9E17-92D1407740F9", "versionEndExcluding": "10.13.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions."}, {"lang": "es", "value": "En macOS High Sierra en versiones anteriores a la 10.13.5, se abord\u00f3 un problema de acceso con restricciones adicionales del sandbox."}], "id": "CVE-2018-4183", "lastModified": "2024-11-21T04:06:55.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-11T18:29:01.157", "references": [{"source": "product-security@apple.com", "url": "https://security.gentoo.org/glsa/201908-08"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT208849"}, {"source": "product-security@apple.com", "tags": ["Not Applicable", "Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4243"}, {"source": "nvd@nist.gov", "tags": ["Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607284"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201908-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT208849"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4243"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "cups: Sandbox bypass due to profile misconfiguration", "id": "1607284", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607284"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-250", "details": ["In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.", "A Sandbox bypass has been discovered in cups on macOS due to profile misconfiguration. An attacker that has obtained sandboxed root access can use this flow to escape the sandbox."], "name": "CVE-2018-4183", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Virtualization 4"}], "public_date": "2018-05-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-4183\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4183"], "statement": "This issue did not affect the versions of cups as shipped with Red Hat Enterprise Linux as cups on Linux does not support the Sandbox feature.", "threat_severity": "Important"}

{}