CVE-2018-4278

{"id": "CVE-2018-4278", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2019-01-11T18:29:02.937", "references": [{"url": "http://www.securitytracker.com/id/1041232", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146479", "tags": ["Third Party Advisory"], "source": "nvd@nist.gov"}, {"url": "https://security.gentoo.org/glsa/201808-04", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT208932", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT208933%2C", "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT208934%2C", "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT208936%2C", "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT208938%2C", "source": "product-security@apple.com"}, {"url": "https://usn.ubuntu.com/3743-1/", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking."}, {"lang": "es", "value": "En Safari en versiones anteriores a la 11.1.2, iTunes en versiones anteriores a la 12.8 para Windows, iOS en versiones anteriores a la 11.4.1, tvOS en versiones anteriores a la 11.4.1 e iCloud para Windows en versiones anteriores a la 7.6, el sonido capturado mediante elementos de audio podr\u00eda exfiltrarse con or\u00edgenes cruzados. Este problema se abord\u00f3 mediante la mejora del rastreo de la contaminaci\u00f3n de audio."}], "lastModified": "2023-11-07T02:58:23.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16B9B534-35A4-49C4-B19C-C18BA185E0C4", "versionEndExcluding": "11.1.2"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "717822F6-6246-4D7C-BF1E-0A0A2A105B7B", "versionEndExcluding": "11.4.1"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "232180F0-DF72-4DE7-8DF8-7CE0D7771406", "versionEndExcluding": "11.4.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B45B035E-E267-4CC0-875D-35B45E86A72C", "versionEndExcluding": "7.6"}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50F3E6C3-A7EA-4F63-A5F2-659FA32766E6", "versionEndExcluding": "12.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}