CVE-2022-32933 — Sensitive Information Exposure in Apple Macos

CWE-200 — Sensitive Information Exposure CWE-841 — Improper Enforcement of Behavioral Workflow6 documents6 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 56.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Debian Webkit2gtk Debian Wpewebkit +1 more

Timeline

PublishedJun 10

Description

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶Appleapple/macos_monterey12.5

▶CVEListV5apple/macosunspecified — 12.5

▶NVDapple/macos< 12.5

▶debiandebian/wpewebkit< webkit2gtk 2.38.0-1 (bookworm)

▶debiandebian/webkit2gtk< webkit2gtk 2.38.0-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-h9rg-mrq2-9rc6: An information disclosure issue was addressed by removing the vulnerable code↗2024-06-10

▶

OSV

CVE-2022-32933: An information disclosure issue was addressed by removing the vulnerable code↗2024-06-10

▶

📋Vendor Advisories

Red Hat

webkitgtk: A website may able to track visited websites in private browsing↗2023-11-15

▶

Apple

CVE-2022-32933: macOS Monterey 12.5↗2022-07-20

▶

Debian

CVE-2022-32933: webkit2gtk - An information disclosure issue was addressed by removing the vulnerable code. T...↗2022

▶