CVE-2022-26707

{"id": "CVE-2022-26707", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-09-23T19:15:11.407", "references": [{"url": "https://support.apple.com/en-us/HT213257", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213257", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information."}, {"lang": "es", "value": "Se abord\u00f3 un problema en el manejo de las variables de entorno con una comprobaci\u00f3n mejorada. Este problema ha sido corregido en macOS Monterey versi\u00f3n 12.4. Es posible que un usuario pueda visualizar informaci\u00f3n confidencial del usuario.\n"}], "lastModified": "2024-11-21T06:54:21.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56A8A170-44A7-4334-88B0-CB4413E28E53", "versionEndExcluding": "12.4", "versionStartIncluding": "12.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}