CVE-2021-30888 — Open Redirect in Apple IOS AND Ipados

CWE-601 — Open Redirect11 documents6 sources

Severity

7.4HIGHNVD

EPSS

0.2%

top 55.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Ipad OS +4 more

Timeline

PublishedAug 24

Latest updateDec 20

Description

An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior .

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages8 packages

▶NVDapple/ipad_os< 14.8.1

▶CVEListV5apple/ios_and_ipadosunspecified — 15.1+1

▶NVDapple/ipados15.0

▶NVDapple/tvos< 15.1

▶CVEListV5apple/macosunspecified — 12.0+2

🔴Vulnerability Details

OSV

CVE-2021-30888: An information leakage issue was addressed↗2021-08-24

▶

CVEList

CVE-2021-30888: An information leakage issue was addressed↗2021-08-24

▶

📋Vendor Advisories

Red Hat

webkitgtk: Information leak via Content Security Policy reports↗2021-12-20

▶

Apple

CVE-2021-30888: Safari 15.1↗2021-10-27

▶

Apple

CVE-2021-30888: iOS 14.8.1 and iPadOS 14.8.1↗2021-10-26

▶

Apple

CVE-2021-30888: watchOS 8.1↗2021-10-25

▶

Apple

CVE-2021-30888: macOS Monterey 12.0.1↗2021-10-25

▶