CVE-2020-3866 — Incorrect Authorization in Apple Macos

CWE-863 — Incorrect Authorization2 documents2 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 55.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple MAC OS X

Timeline

PublishedFeb 27

Latest updateMay 24

Description

This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Catalina 10.15.3. Searching for and opening a file from an attacker controlled NFS mount may bypass Gatekeeper.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5apple/macosunspecified — macOS Catalina 10.15.3

▶NVDapple/mac_os_x< 10.15.3

🔴Vulnerability Details

GHSA

GHSA-gx6x-fhpp-hw29: This was addressed with additional checks by Gatekeeper on files mounted through a network share↗2022-05-24

▶