CVE-2022-48505Authorization Bypass Through User-Controlled Key in Apple Macos

CWE-639Authorization Bypass Through User-Controlled Key4 documents3 sources
Severity
9.8CRITICALNVD
NVD5.5
EPSS
0.1%
top 84.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple MacosApple Macos VenturaNotion WEB Clipper
Timeline
PublishedJun 28

Description

This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDapple/macos< 13.0
NVDnotion/web_clipper1.0.3\(7\)

🔴Vulnerability Details

1
GHSA
GHSA-mfmf-m5jw-cfqh: This issue was addressed with improved data protection2023-06-28

📋Vendor Advisories

1
Apple
CVE-2022-48505: macOS Ventura 132022-10-24