CVE-2019-8769

An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://security.gentoo.org/glsa/202003-22	Third Party Advisory
https://support.apple.com/HT210634	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::

History

01 Dec 2021, 16:58

Type	Values Removed	Values Added
References	~~(GENTOO) https://security.gentoo.org/glsa/202003-22 -~~	(GENTOO) https://security.gentoo.org/glsa/202003-22 - Third Party Advisory
CWE	~~CWE-200~~	NVD-CWE-noinfo

Information

Published : 2019-12-18 18:15

Updated : 2024-02-04 20:39

NVD link : CVE-2019-8769

Mitre link : CVE-2019-8769

CVE.ORG link : CVE-2019-8769

JSON object : View

Products Affected

apple

mac_os_x
ipados
iphone_os

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-8769", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2019-12-18T18:15:39.897", "references": [{"url": "https://security.gentoo.org/glsa/202003-22", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210634", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history."}, {"lang": "es", "value": "Se present\u00f3 un problema en el dibujado de los elementos de una p\u00e1gina web. El problema fue abordado con una l\u00f3gica mejorada. Este problema es corregido en iOS versi\u00f3n 13.1 y iPadOS versi\u00f3n 13.1, macOS Catalina 10.15. Visitar un sitio web dise\u00f1ado maliciosamente puede revelar el historial de navegaci\u00f3n."}], "lastModified": "2021-12-01T16:58:18.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1B56C2A-63FE-410E-96A2-AA757E55086D", "versionEndExcluding": "13.1"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74FC47CB-6F80-4521-BE54-47B5630FF496", "versionEndExcluding": "13.1"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E28B89FF-E2E1-498A-AF43-C8DE5DA352CD", "versionEndExcluding": "10.15"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}