cvelistv5 - cve-2019-8725

CVE-2019-8725 (GCVE-0-2019-8725)

Vulnerability from cvelistv5 – Published: 2019-12-18 17:33 – Updated: 2024-08-04 21:24

Summary

The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.

Severity ?

No CVSS data available.

CWE

Service workers may leak private browsing history

Assigner

apple

References

URL

Tags

https://support.apple.com/HT210605

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apple	Safari	Affected: unspecified , < Safari 13.0.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:24:29.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210605"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "Safari 13.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Service workers may leak private browsing history",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:33:22",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT210605"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8725",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Safari",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "Safari 13.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Service workers may leak private browsing history"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210605",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT210605"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2019-8725",
    "datePublished": "2019-12-18T17:33:22",
    "dateReserved": "2019-02-18T00:00:00",
    "dateUpdated": "2024-08-04T21:24:29.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.0.1\", \"matchCriteriaId\": \"6BD0E131-6A79-47DA-B8A8-1478B1EDD9FE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.\"}, {\"lang\": \"es\", \"value\": \"Un problema fue abordado con un manejo mejorado de la vida \\u00fatil de service worker. Este problema es corregido en Safari versi\\u00f3n 13.0.1. Los trabajadores del servicio pueden filtrar el historial de navegaci\\u00f3n privado.\"}]",
      "id": "CVE-2019-8725",
      "lastModified": "2024-11-21T04:50:21.883",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-12-18T18:15:37.147",
      "references": "[{\"url\": \"https://support.apple.com/HT210605\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT210605\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-8725\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-12-18T18:15:37.147\",\"lastModified\":\"2024-11-21T04:50:21.883\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.\"},{\"lang\":\"es\",\"value\":\"Un problema fue abordado con un manejo mejorado de la vida \u00fatil de service worker. Este problema es corregido en Safari versi\u00f3n 13.0.1. Los trabajadores del servicio pueden filtrar el historial de navegaci\u00f3n privado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.0.1\",\"matchCriteriaId\":\"6BD0E131-6A79-47DA-B8A8-1478B1EDD9FE\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT210605\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT210605\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2019-8725

Vulnerability from fkie_nvd - Published: 2019-12-18 18:15 - Updated: 2024-11-21 04:50

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.

References

	URL	Tags
	product-security@apple.com	https://support.apple.com/HT210605	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT210605	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	safari	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD0E131-6A79-47DA-B8A8-1478B1EDD9FE",
              "versionEndExcluding": "13.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history."
    },
    {
      "lang": "es",
      "value": "Un problema fue abordado con un manejo mejorado de la vida \u00fatil de service worker. Este problema es corregido en Safari versi\u00f3n 13.0.1. Los trabajadores del servicio pueden filtrar el historial de navegaci\u00f3n privado."
    }
  ],
  "id": "CVE-2019-8725",
  "lastModified": "2024-11-21T04:50:21.883",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-18T18:15:37.147",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT210605"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-8725

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.

Aliases

CVE-2019-8725

Aliases

CVE-2019-8725

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-8725",
    "description": "The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.",
    "id": "GSD-2019-8725"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-8725"
      ],
      "details": "The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.",
      "id": "GSD-2019-8725",
      "modified": "2023-12-13T01:23:47.945688Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2019-8725",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Safari",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "Safari 13.0.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Service workers may leak private browsing history"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT210605",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT210605"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-8725"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT210605",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT210605"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2019-12-18T18:15Z"
    }
  }
}

GHSA-PX9H-5XXR-MM8W

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04

Details

The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-8725"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-18T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.",
  "id": "GHSA-px9h-5xxr-mm8w",
  "modified": "2022-05-24T17:04:31Z",
  "published": "2022-05-24T17:04:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8725"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT210605"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201912-0530

Vulnerability from variot - Updated: 2023-12-18 10:46

The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. Service Workers is one of the plugins for handling network requests and assisting with offline-first development, push notifications, and background syncing. A security vulnerability exists in the Service Workers component of Apple Safari prior to 13.0.1. An attacker could exploit this vulnerability to disclose private browsing records. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-9-26-9 Safari 13.0.1

Safari 13.0.1 addresses the following:

Safari Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6 Impact: Visiting a malicious website may lead to user interface spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2019-8725: Michael Thwaite of Connect Media

Additional recognition

Safari We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) of TurkishKit for their assistance.

Installation note:

Safari 13.0.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2NGWkACgkQBz4uGe3y 0M1rohAAqaD5bYeP305cUxNucHOv/KOKf6LVk2GK71oLTgIHTGKInLKCD3xZ7Ml/ jOYFbMFDbDyi/lTepa5+yAWcvuB40T7AqstwnG/Ntwzi1LfCRnCHE60lZ/6ACLCC SB0KRxrhWwgUiZamtSRVeg4ZzDn/5sYwzQgmWx8Oa+/31Ch6TgyvGmljG4vt2Ijx Vvnvml7IY/glnp53XsmkkvXwr6gOYEA8oFPPaBQnkDQl9voUQhWvZ2HvqZSxJ8NB Mwj77QOPnNnFNp4Av0CI8tAWZbH6SPpkZZ12OwX2cAyXfa25ptolSOHp51Fs6X+Y fiOUr1L8ozxTM4vr2MlQYQw6enQ6qyp48hfBWzq6aEpuXJ/BMbfTqnf9rZYdRUpA Lsxp4CaE6wlrdZXuL2Cj6aiLzvHCiROpGuJrKNBMZqShGjB6q5gTPqWRueeKRH+W +ywhftihfw+MpiHd56dat+iOFKDfnSmSkRya85sLbN0UNMSJzRb8sdPWBZ2KCwWk xkyUDaDaVQaEj17FQ18hUrBX38wjpp9yD7nDNcQdr60P0Xm2eCt0lspwiCE3gl1p DfZiCC1QROE6zIZJktTy9ygZcnBerFY60M7tN0qcf+x6vkfIska+CJChz14qd7+p ag/jn1JHTThJFRenF1P6W70k8rWsHbv5VuyL9Mih0RX0UVBptes= =gcEu -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0530",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.0.1"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13   (macos high sierra 10.13.6)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13   (macos mojave 10.14.6)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013360"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8725"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8725"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple,Michael Thwaite of Connect Medi",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1294"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-8725",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-8725",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-160160",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2019-8725",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-8725",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201909-1294",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-160160",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013360"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8725"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1294"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. Service Workers is one of the plugins for handling network requests and assisting with offline-first development, push notifications, and background syncing. A security vulnerability exists in the Service Workers component of Apple Safari prior to 13.0.1. An attacker could exploit this vulnerability to disclose private browsing records. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-9-26-9 Safari 13.0.1\n\nSafari 13.0.1 addresses the following:\n\nSafari\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2019-8725: Michael Thwaite of Connect Media\n\nAdditional recognition\n\nSafari\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) of\nTurkishKit for their assistance. \n\nInstallation note:\n\nSafari 13.0.1 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl2NGWkACgkQBz4uGe3y\n0M1rohAAqaD5bYeP305cUxNucHOv/KOKf6LVk2GK71oLTgIHTGKInLKCD3xZ7Ml/\njOYFbMFDbDyi/lTepa5+yAWcvuB40T7AqstwnG/Ntwzi1LfCRnCHE60lZ/6ACLCC\nSB0KRxrhWwgUiZamtSRVeg4ZzDn/5sYwzQgmWx8Oa+/31Ch6TgyvGmljG4vt2Ijx\nVvnvml7IY/glnp53XsmkkvXwr6gOYEA8oFPPaBQnkDQl9voUQhWvZ2HvqZSxJ8NB\nMwj77QOPnNnFNp4Av0CI8tAWZbH6SPpkZZ12OwX2cAyXfa25ptolSOHp51Fs6X+Y\nfiOUr1L8ozxTM4vr2MlQYQw6enQ6qyp48hfBWzq6aEpuXJ/BMbfTqnf9rZYdRUpA\nLsxp4CaE6wlrdZXuL2Cj6aiLzvHCiROpGuJrKNBMZqShGjB6q5gTPqWRueeKRH+W\n+ywhftihfw+MpiHd56dat+iOFKDfnSmSkRya85sLbN0UNMSJzRb8sdPWBZ2KCwWk\nxkyUDaDaVQaEj17FQ18hUrBX38wjpp9yD7nDNcQdr60P0Xm2eCt0lspwiCE3gl1p\nDfZiCC1QROE6zIZJktTy9ygZcnBerFY60M7tN0qcf+x6vkfIska+CJChz14qd7+p\nag/jn1JHTThJFRenF1P6W70k8rWsHbv5VuyL9Mih0RX0UVBptes=\n=gcEu\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-8725"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160160"
      },
      {
        "db": "PACKETSTORM",
        "id": "154657"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-8725",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU98778455",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013360",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1294",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "154657",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3649",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-160160",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013360"
      },
      {
        "db": "PACKETSTORM",
        "id": "154657"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8725"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1294"
      }
    ]
  },
  "id": "VAR-201912-0530",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160160"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:46:02.219000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT210605",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht210605"
      },
      {
        "title": "HT210605",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht210605"
      },
      {
        "title": "Apple Safari Service Workers Fixes for component security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98681"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1294"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013360"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8725"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht210605"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8725"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8725"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98778455/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht210605"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/154657/apple-security-advisory-2019-9-26-9.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210605"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3649/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8654"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013360"
      },
      {
        "db": "PACKETSTORM",
        "id": "154657"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8725"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1294"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-160160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013360"
      },
      {
        "db": "PACKETSTORM",
        "id": "154657"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-8725"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1294"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160160"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013360"
      },
      {
        "date": "2019-09-29T17:32:22",
        "db": "PACKETSTORM",
        "id": "154657"
      },
      {
        "date": "2019-12-18T18:15:37.147000",
        "db": "NVD",
        "id": "CVE-2019-8725"
      },
      {
        "date": "2019-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-1294"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160160"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013360"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2019-8725"
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-1294"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1294"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Safari Vulnerabilities in private browsing history information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013360"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1294"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-8725 (GCVE-0-2019-8725)

FKIE_CVE-2019-8725

GSD-2019-8725

GHSA-PX9H-5XXR-MM8W

VAR-201912-0530

Tags

Sightings

Nomenclature