CVE-2023-42940

A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2023/Dec/20	Mailing List Third Party Advisory
https://support.apple.com/en-us/HT214048	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2023/Dec/20	Mailing List Third Party Advisory
https://support.apple.com/en-us/HT214048	Release Notes Vendor Advisory
https://support.apple.com/kb/HT214048

Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

History

04 Nov 2025, 19:15

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214048 -

06 May 2025, 19:15

Type	Values Removed	Values Added
CWE		CWE-200

21 Nov 2024, 08:23

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2023/Dec/20 - Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2023/Dec/20 - Mailing List, Third Party Advisory
References	~~() https://support.apple.com/en-us/HT214048 - Release Notes, Vendor Advisory~~	() https://support.apple.com/en-us/HT214048 - Release Notes, Vendor Advisory

04 Jan 2024, 14:56

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.7
CPE		cpe:2.3:o:apple:macos::::::::
References	~~() https://support.apple.com/en-us/HT214048 -~~	() https://support.apple.com/en-us/HT214048 - Release Notes, Vendor Advisory
References	~~() http://seclists.org/fulldisclosure/2023/Dec/20 -~~	() http://seclists.org/fulldisclosure/2023/Dec/20 - Mailing List, Third Party Advisory
CWE		NVD-CWE-noinfo

20 Dec 2023, 13:50

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-19 22:15

Updated : 2025-11-04 19:15

NVD link : CVE-2023-42940

Mitre link : CVE-2023-42940

CVE.ORG link : CVE-2023-42940

JSON object : View

Products Affected

apple

macos

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2023-42940", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2023-12-19T22:15:07.630", "references": [{"url": "http://seclists.org/fulldisclosure/2023/Dec/20", "tags": ["Mailing List", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT214048", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2023/Dec/20", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT214048", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT214048", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de representaci\u00f3n de sesiones con un seguimiento de sesiones mejorado. Este problema se solucion\u00f3 en macOS Sonoma 14.2.1. Un usuario que comparte su pantalla puede compartir sin querer el contenido incorrecto."}], "lastModified": "2025-11-04T19:15:58.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BC4F8D9-9E7D-4F22-BF33-11A7F6E71334", "versionEndExcluding": "14.2.1", "versionStartIncluding": "14.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}