CVE-2024-23261 - OpenCVE

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Macos

Configuration 1 [-]

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
https://support.apple.com/en-us/HT214084
https://support.apple.com/en-us/HT214118
https://support.apple.com/en-us/HT214120
https://support.apple.com/kb/HT214084

History

Mon, 12 Aug 2024 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:apple:macos::::::::
Vendors & Products		Apple Apple macos
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-07-29T22:16:42.022Z

Updated: 2024-08-01T22:59:32.087Z

Reserved: 2024-01-12T22:22:21.489Z

Link: CVE-2024-23261

Vulnrichment

Updated: 2024-08-01T22:59:32.087Z

NVD

Status : Analyzed

Published: 2024-07-29T23:15:10.037

Modified: 2024-08-12T15:38:36.130

Link: CVE-2024-23261

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-23261", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-01-12T22:22:21.489Z", "datePublished": "2024-07-29T22:16:42.022Z", "dateUpdated": "2024-08-01T22:59:32.087Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An attacker may be able to read information belonging to another user"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "13.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "12.7", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another user."}], "references": [{"url": "https://support.apple.com/en-us/HT214120"}, {"url": "https://support.apple.com/en-us/HT214084"}, {"url": "https://support.apple.com/en-us/HT214118"}, {"url": "https://support.apple.com/kb/HT214084"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/19"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-07-29T22:16:42.022Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-30T18:36:54.749576Z", "id": "CVE-2024-23261", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T18:37:26.430Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.087Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214120", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214084", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214118", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214084", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214120", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214084", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214118", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214084", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.087Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23261", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-30T18:36:54.749576Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T18:37:23.210Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "13.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "12.7", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT214120"}, {"url": "https://support.apple.com/en-us/HT214084"}, {"url": "https://support.apple.com/en-us/HT214118"}, {"url": "https://support.apple.com/kb/HT214084"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/19"}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another user."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An attacker may be able to read information belonging to another user"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-07-29T22:16:42.022Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23261", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:59:32.087Z", "dateReserved": "2024-01-12T22:22:21.489Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-07-29T22:16:42.022Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3556C7C3-14B6-4846-B3E8-FE07A503155F", "versionEndExcluding": "12.7.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A", "versionEndExcluding": "13.6.8", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another user."}, {"lang": "es", "value": " Se abord\u00f3 una cuesti\u00f3n de l\u00f3gica con una mejor gesti\u00f3n estatal. Este problema se solucion\u00f3 en macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.8. Un atacante puede ser capaz de leer informaci\u00f3n que pertenece a otro usuario."}], "id": "CVE-2024-23261", "lastModified": "2024-08-12T15:38:36.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T23:15:10.037", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/19"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/20"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214084"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214118"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214120"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/kb/HT214084"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}