CVE-2023-42843

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-42843
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/03/26/1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
https://support.apple.com/en-us/HT213981
https://support.apple.com/en-us/HT213982
https://support.apple.com/en-us/HT213984
https://support.apple.com/en-us/HT213986
Configurations

No configuration.

History

04 Nov 2024, 17:35

Type Values Removed Values Added
CWE CWE-290
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5

07 May 2024, 06:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/ -

01 May 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/03/26/1 -

22 Feb 2024, 19:07

Type Values Removed Values Added
Summary
  • (es) Se solucionó un problema de interfaz de usuario inconsistente con una gestión de estado mejorada. Este problema se solucionó en iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visitar un sitio web malicioso puede provocar una suplantación de la barra de direcciones.

21 Feb 2024, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-21 07:15

Updated : 2024-11-04 17:35

NVD link : CVE-2023-42843

Mitre link : CVE-2023-42843

CVE.ORG link : CVE-2023-42843

JSON object : View

Products Affected

No product.

CWE
CWE-290

Authentication Bypass by Spoofing