Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
Severity
NVD: 7.0 HIGH
OSV: 6.5
EPSS
28.7%
top 3.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Dec 18
Latest update: May 24

Description

A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (5 packages)

CVEListV5 | apple/macos | unspecified | macOS Mojave 10.14.4
NVD | apple/mac_os_x | < 10.14.4
CVEListV5 | apple/ios | unspecified | iOS 12.2
NVD | apple/iphone_os | < 12.2
Go | k8s.io/client-go | < 0.20.0-alpha.2

🔴 Vulnerability Details (3)

GHSA
GHSA-36gf-xph5-cmf6: A race condition was addressed with additional validation (2022-05-24)
OSV
Unauthorized credential disclosure via debug logs in k8s.io/kubernetes and k8s.io/client-go (2021-04-14)
CVEList
CVE-2019-8565: A race condition was addressed with additional validation (2019-12-18)

💥 Exploits & PoCs (2)

Exploit-DB
Apple Mac OS X - Feedback Assistant Race Condition (Metasploit) (2019-05-23)
Metasploit
Mac OS X Feedback Assistant Race Condition

📋 Vendor Advisories (4)

Microsoft
Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (2020-12-08)
Red Hat
kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (2020-10-14)
Apple
CVE-2019-8565: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra (2019-03-25)
Apple
CVE-2019-8565: iOS 12.2 (2019-03-25)

🕵️Threat Intelligence

2
SentinelOne
Privilege Escalation | macOS Malware & The Path to Root Part 1 - SentinelLabs (2019-11-06)
SentinelOne
Privilege Escalation | macOS Malware & The Path to Root Part 1 (2019-11-06)

💬Community

1
Bugzilla
CVE-2020-8565 kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (2020-10-09)
CVE-2019-8565 — Race Condition in Apple Macos | cvebase