{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42843", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2023-09-14T19:05:11.449Z", "datePublished": "2024-02-21T06:41:27.506Z", "dateUpdated": "2024-11-04T16:45:42.480Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Visiting a malicious website may lead to address bar spoofing"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."}], "references": [{"url": "https://support.apple.com/en-us/HT213981"}, {"url": "https://support.apple.com/en-us/HT213986"}, {"url": "https://support.apple.com/en-us/HT213984"}, {"url": "https://support.apple.com/en-us/HT213982"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-02-21T06:41:27.506Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-290", "lang": "en", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "affected": [{"vendor": "apple", "product": "ios_and_ipados", "cpes": ["cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "16.7", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "17.1", "versionType": "custom"}]}, {"vendor": "apple", "product": "safari", "cpes": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "17.1", "versionType": "custom"}]}, {"vendor": "apple", "product": "macos", "cpes": ["cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "14.1", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-04T16:39:32.031098Z", "id": "CVE-2023-42843", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-04T16:45:42.480Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:24.570Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213981", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213986", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213984", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213982", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213981", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213986", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213984", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213982", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:24.570Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-42843", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-04T16:39:32.031098Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "ios_and_ipados", "versions": [{"status": "affected", "version": "0", "lessThan": "16.7", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "17.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "safari", "versions": [{"status": "affected", "version": "0", "lessThan": "17.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "0", "lessThan": "14.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:11.947Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.1", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT213981"}, {"url": "https://support.apple.com/en-us/HT213986"}, {"url": "https://support.apple.com/en-us/HT213984"}, {"url": "https://support.apple.com/en-us/HT213982"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"}], "descriptions": [{"lang": "en", "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Visiting a malicious website may lead to address bar spoofing"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-02-21T06:41:27.506Z"}}}, "cveMetadata": {"cveId": "CVE-2023-42843", "state": "PUBLISHED", "dateUpdated": "2024-11-04T16:45:42.480Z", "dateReserved": "2023-09-14T19:05:11.449Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-02-21T06:41:27.506Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de interfaz de usuario inconsistente con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visitar un sitio web malicioso puede provocar una suplantaci\u00f3n de la barra de direcciones."}], "id": "CVE-2023-42843", "lastModified": "2024-11-04T17:35:05.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-21T07:15:48.940", "references": [{"source": "product-security@apple.com", "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"}, {"source": "product-security@apple.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT213981"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT213982"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT213984"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT213986"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9144", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.44.3-2.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "webkit: visiting a malicious website may lead to address bar spoofing", "id": "2271717", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271717"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "verified"}, "details": ["An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.", "A flaw was found in WebKit that may allow a remote attacker to conduct spoofing attacks by exploiting an inconsistent user interface issue. By tricking a victim into visiting a specially crafted website, the attacker could perform address bar spoofing."], "name": "CVE-2023-42843", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-03-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-42843\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-42843\nhttps://webkitgtk.org/security/WSA-2024-0002.html"], "threat_severity": "Moderate", "upstream_fix": "WebKitGTK 2.44.0"}