gsd-2023-42935
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.
Aliases
Aliases
CVE-2023-42935


To clipboard 

{
  "GSD": {
    "alias": "CVE-2023-42935",
    "id": "GSD-2023-42935"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-42935"
      ],
      "details": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user\u2019s desktop from the fast user switching screen.",
      "id": "GSD-2023-42935",
      "modified": "2023-12-13T01:20:22.000480Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2023-42935",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "13.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user\u2019s desktop from the fast user switching screen."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A local attacker may be able to view the previous logged in user\u2019s desktop from the fast user switching screen"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT214058",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT214058"
          },
          {
            "name": "https://support.apple.com/kb/HT213984",
            "refsource": "MISC",
            "url": "https://support.apple.com/kb/HT213984"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2024/Jan/37",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2024/Jan/37"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A3916CD8-E6D5-4786-903E-B86026859CE6",
                    "versionEndExcluding": "13.6.4",
                    "versionStartIncluding": "13.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F9F52915-10F1-4514-B839-F6DC74B53555",
                    "versionEndExcluding": "14.1",
                    "versionStartIncluding": "14.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user\u2019s desktop from the fast user switching screen."
          },
          {
            "lang": "es",
            "value": "Se solucion\u00f3 un problema de autenticaci\u00f3n con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.6.4. Un atacante local puede ver el escritorio del usuario que inici\u00f3 sesi\u00f3n anteriormente desde la pantalla de cambio r\u00e1pido de usuario."
          }
        ],
        "id": "CVE-2023-42935",
        "lastModified": "2024-01-29T18:38:29.587",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2024-01-23T01:15:10.170",
        "references": [
          {
            "source": "product-security@apple.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/37"
          },
          {
            "source": "product-security@apple.com",
            "tags": [
              "Release Notes",
              "Vendor Advisory"
            ],
            "url": "https://support.apple.com/en-us/HT214058"
          },
          {
            "source": "product-security@apple.com",
            "tags": [
              "Release Notes",
              "Vendor Advisory"
            ],
            "url": "https://support.apple.com/kb/HT213984"
          }
        ],
        "sourceIdentifier": "product-security@apple.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.