CVE-2022-22594Origin Validation Error in Apple IOS AND Ipados

CWE-346Origin Validation Error11 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 55.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple IOS AND IpadosApple MacosApple Tvos+4 more
Timeline
PublishedMar 18
Latest updateMar 19

Description

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages10 packages

CVEListV5apple/tvosunspecified15.3
NVDapple/tvos< 15.3
CVEListV5apple/macosunspecified12.2
NVDapple/macos< 12.2
NVDapple/ipados< 15.3

🔴Vulnerability Details

3
GHSA
GHSA-3xf9-qwxv-r3r4: A cross-origin issue in the IndexDB API was addressed with improved input validation2022-03-19
CVEList
CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation2022-03-18
OSV
CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation2022-03-18

📋Vendor Advisories

7
Apple
CVE-2022-22594: iOS 15.3 and iPadOS 15.32022-01-26
Apple
CVE-2022-22594: watchOS 8.42022-01-26
Apple
CVE-2022-22594: tvOS 15.32022-01-26
Apple
CVE-2022-22594: macOS Monterey 12.22022-01-26
Apple
CVE-2022-22594: Safari 15.32022-01-26
CVE-2022-22594 — Origin Validation Error in Apple | cvebase