{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-27838", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-02-26T15:32:28.528Z", "datePublished": "2024-06-10T20:56:40.587Z", "dateUpdated": "2024-08-19T14:56:24.191Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A maliciously crafted webpage may be able to fingerprint the user"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "1.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "10.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.5", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user."}], "references": [{"url": "https://support.apple.com/en-us/HT214101"}, {"url": "https://support.apple.com/en-us/HT214100"}, {"url": "https://support.apple.com/en-us/HT214106"}, {"url": "https://support.apple.com/en-us/HT214108"}, {"url": "https://support.apple.com/en-us/HT214104"}, {"url": "https://support.apple.com/en-us/HT214103"}, {"url": "https://support.apple.com/en-us/HT214102"}, {"url": "http://seclists.org/fulldisclosure/2024/Jun/5"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-06-10T20:56:40.587Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:41:55.887Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214101", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214100", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214106", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214108", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214104", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214103", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214102", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jun/5", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-19T14:48:32.637340Z", "id": "CVE-2024-27838", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T14:56:24.191Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214101", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214100", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214106", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214108", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214104", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214103", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214102", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jun/5", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:41:55.887Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27838", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-19T14:48:32.637340Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T14:53:37.619Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "10.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.5", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT214101"}, {"url": "https://support.apple.com/en-us/HT214100"}, {"url": "https://support.apple.com/en-us/HT214106"}, {"url": "https://support.apple.com/en-us/HT214108"}, {"url": "https://support.apple.com/en-us/HT214104"}, {"url": "https://support.apple.com/en-us/HT214103"}, {"url": "https://support.apple.com/en-us/HT214102"}, {"url": "http://seclists.org/fulldisclosure/2024/Jun/5"}], "descriptions": [{"lang": "en", "value": "The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A maliciously crafted webpage may be able to fingerprint the user"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-06-10T20:56:40.587Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27838", "state": "PUBLISHED", "dateUpdated": "2024-08-19T14:56:24.191Z", "dateReserved": "2024-02-26T15:32:28.528Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-06-10T20:56:40.587Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "D80D1AA1-D37A-4ABD-87A0-2C3B12EDA955", "versionEndExcluding": "17.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "732206AE-D798-41FB-8D91-F796820F912D", "versionEndExcluding": "16.7.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C520138-1984-4369-8615-09FF57F0BB70", "versionEndExcluding": "17.5", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", "versionEndExcluding": "16.7.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEC0ACF3-F486-4536-8415-A176C68CE183", "versionEndExcluding": "17.5", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AB18623-7D06-4946-99FC-808A4A913ED9", "versionEndExcluding": "14.5", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "003383BF-F06C-4300-908D-D1C8498C6BCD", "versionEndExcluding": "17.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "matchCriteriaId": "20FA533E-AA15-4561-AAF1-F8C3F5283C88", "versionEndExcluding": "1.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", "versionEndExcluding": "10.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user."}, {"lang": "es", "value": "El problema se abord\u00f3 agregando l\u00f3gica adicional. Este problema se solucion\u00f3 en tvOS 17.5, iOS 16.7.8 y iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Una p\u00e1gina web creada con fines malintencionados puede tomar huellas digitales del usuario."}], "id": "CVE-2024-27838", "lastModified": "2024-07-03T16:27:38.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-10T21:15:51.240", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jun/5"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214100"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214101"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214102"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214103"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214104"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214106"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214108"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9636", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.46.3-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:8180", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.46.1-2.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-16T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user", "id": "2314702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314702"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.", "A flaw was found in WebKit. This vulnerability allows a maliciously crafted webpage to fingerprint the user."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-27838", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-09-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27838\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27838\nhttps://webkitgtk.org/security/WSA-2024-0005.html"], "threat_severity": "Moderate"}