CVE-2020-3841 — Cleartext Transmission of Sensitive Info in Apple Safari

CWE-319 — Cleartext Transmission of Sensitive Info CWE-522 — Insufficiently Protected Credentials6 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 65.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Safari Apple Ipados +1 more

Timeline

PublishedFeb 27

Latest updateMay 24

Description

The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5apple/safariunspecified — Safari 13.0.5

▶NVDapple/ipados< 13.3.1

▶NVDapple/safari< 13.0.5

▶CVEListV5apple/iosunspecified — iOS 13.3.1 and iPadOS 13.3.1

▶NVDapple/iphone_os< 13.3.1

🔴Vulnerability Details

GHSA

GHSA-237h-5fc4-8x3g: The issue was addressed with improved UI handling↗2022-05-24

▶

CVEList

CVE-2020-3841: The issue was addressed with improved UI handling↗2020-02-27

▶

💬Community

Bugzilla

CVE-2020-2230 jenkins: stored XSS vulnerability in project naming strategy↗2020-09-03

▶

Bugzilla

CVE-2020-2231 jenkins: stored XSS vulnerability in 'trigger builds remotely'↗2020-09-03

▶

Bugzilla

CVE-2020-2229 jenkins: user-specified tooltip values leads to stored cross-site scripting↗2020-09-02

▶