CVE-2024-23273 - OpenCVE

This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Ipad Os Iphone Os Macos Safari

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipad_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Mar/20
http://seclists.org/fulldisclosure/2024/Mar/21
https://support.apple.com/en-us/HT214081
https://support.apple.com/en-us/HT214084
https://support.apple.com/en-us/HT214089

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-03-08T01:35:54.940Z

Updated: 2024-08-27T19:32:37.419Z

Reserved: 2024-01-12T22:22:21.498Z

Link: CVE-2024-23273

Vulnrichment

Updated: 2024-08-01T22:59:32.140Z

NVD

Status : Analyzed

Published: 2024-03-08T02:15:49.410

Modified: 2024-03-14T19:54:26.287

Link: CVE-2024-23273

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23273", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-01-12T22:22:21.498Z", "datePublished": "2024-03-08T01:35:54.940Z", "dateUpdated": "2024-08-27T19:32:37.419Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Private Browsing tabs may be accessed without authentication"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication."}], "references": [{"url": "https://support.apple.com/en-us/HT214081"}, {"url": "https://support.apple.com/en-us/HT214089"}, {"url": "https://support.apple.com/en-us/HT214084"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/20"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-03-08T01:35:54.940Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.140Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214081", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214089", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214084", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/20", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-27T19:31:28.016236Z", "id": "CVE-2024-23273", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T19:32:37.419Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214081", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214089", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214084", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/20", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.140Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23273", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-27T19:31:28.016236Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T19:31:34.459Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.4", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT214081"}, {"url": "https://support.apple.com/en-us/HT214089"}, {"url": "https://support.apple.com/en-us/HT214084"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/20"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21"}], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Private Browsing tabs may be accessed without authentication"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-03-08T01:35:54.940Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23273", "state": "PUBLISHED", "dateUpdated": "2024-08-27T19:32:37.419Z", "dateReserved": "2024-01-12T22:22:21.498Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-03-08T01:35:54.940Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC7753BA-5DF8-4F98-8DA8-69DA473F8307", "versionEndExcluding": "17.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69", "versionEndExcluding": "17.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB", "versionEndExcluding": "17.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication."}, {"lang": "es", "value": "Esta cuesti\u00f3n se abord\u00f3 mediante una mejor gesti\u00f3n de estado. Este problema se solucion\u00f3 en Safari 17.4, iOS 17.4 y iPadOS 17.4, macOS Sonoma 14.4. Se puede acceder a las pesta\u00f1as de navegaci\u00f3n privada sin autenticaci\u00f3n."}], "id": "CVE-2024-23273", "lastModified": "2024-03-14T19:54:26.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-08T02:15:49.410", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List"], "url": "http://seclists.org/fulldisclosure/2024/Mar/20"}, {"source": "product-security@apple.com", "tags": ["Mailing List"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214081"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214084"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214089"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}