CVE-2023-23505

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user’s contacts.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/HT213598	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213599	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213603	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213604	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213605	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213606	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

27 Jul 2023, 04:15

Type	Values Removed	Values Added
Summary	A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, iOS 15.7.3 and iPadOS 15.7.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. An app may be able to access information about a user’s contacts.	A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user’s contacts.

Information

Published : 2023-02-27 20:15

Updated : 2024-02-28 19:51

NVD link : CVE-2023-23505

Mitre link : CVE-2023-23505

CVE.ORG link : CVE-2023-23505

JSON object : View

Products Affected

apple

watchos
ipados
macos
iphone_os

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2023-23505", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2023-02-27T20:15:13.750", "references": [{"url": "https://support.apple.com/en-us/HT213598", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213599", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213603", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213604", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213605", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213606", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user\u2019s contacts."}], "lastModified": "2023-07-27T04:15:13.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25571006-94E5-43C8-849C-600C7E5CE329", "versionEndExcluding": "15.7.3"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84A6CE41-699B-4511-8B52-625F271CA9FE", "versionEndExcluding": "16.3", "versionStartIncluding": "16.0"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EB34B65-AC55-488B-8D12-F2E6FBCC284A", "versionEndExcluding": "15.7.3"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08EA5BA7-5C1B-43E5-8988-22C33DAAE754", "versionEndExcluding": "16.3", "versionStartIncluding": "16.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D13504E-ABCF-4E6F-8984-EADB123DFDD2", "versionEndExcluding": "11.7.3", "versionStartIncluding": "11.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C71359B9-7DCE-4F45-B03F-77CF313A74EA", "versionEndExcluding": "12.6.3", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CEC72CB-1F5B-4BF5-80F0-357E27855D2A", "versionEndExcluding": "13.2", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "870BF5F9-6408-4EB6-8821-1881E66B003B", "versionEndExcluding": "9.3"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}