CVE-2019-8754 - OpenCVE

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X

Configuration 1 [-]

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.apple.com/en-us/HT210722

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2020-10-27T19:47:07

Updated: 2024-08-04T21:31:35.799Z

Reserved: 2019-02-18T00:00:00

Link: CVE-2019-8754

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-10-27T20:15:18.797

Modified: 2020-10-29T18:15:24.707

Link: CVE-2019-8754

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "10.15", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information."}], "problemTypes": [{"descriptions": [{"description": "A malicious HTML document may be able to render iframes with sensitive user information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-27T19:47:07", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210722"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2019-8754", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "10.15"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A malicious HTML document may be able to render iframes with sensitive user information"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT210722", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210722"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:31:35.799Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210722"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2019-8754", "datePublished": "2020-10-27T19:47:07", "dateReserved": "2019-02-18T00:00:00", "dateUpdated": "2024-08-04T21:31:35.799Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "E773457A-E670-4DDA-86E2-0923C1DCD9BA", "versionEndExcluding": "10.15.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information."}, {"lang": "es", "value": "Se present\u00f3 un problema de origen cruzado con los elementos \"iframe\". Esto se abord\u00f3 con un seguimiento de los or\u00edgenes de seguridad mejorado. Este problema se corrigi\u00f3 en macOS Catalina versi\u00f3n 10.15.1, Security Update 2019-001 y Security Update 2019-006. Un documento HTML malicioso puede ser capaz de renderizar iframes con informaci\u00f3n confidencial del usuario"}], "id": "CVE-2019-8754", "lastModified": "2020-10-29T18:15:24.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-27T20:15:18.797", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210722"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}]}