CVE-2023-42838

{"id": "CVE-2023-42838", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}]}, "published": "2024-02-21T07:15:48.543", "references": [{"url": "https://support.apple.com/en-us/HT213984", "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT214037", "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT214038", "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213984", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT214037", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT214038", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de acceso con mejoras en la zona de pruebas. Este problema se solucion\u00f3 en macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario fuera de su zona de pruebas o con ciertos privilegios elevados."}], "lastModified": "2024-11-21T08:23:19.967", "sourceIdentifier": "product-security@apple.com"}