Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-27954

Опубликовано: 21 апр. 2023
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.

A vulnerability was found in WebKitGTK. This security issue leads to tracking sensitive user information via a website.

Отчет

This flaw is being rated as 'Moderate' as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn't ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6webkitgtkOut of support scope
Red Hat Enterprise Linux 7webkitgtk3Out of support scope
Red Hat Enterprise Linux 7 Extended Lifecycle Supportwebkitgtk4FixedRHSA-2025:1036407.07.2025
Red Hat Enterprise Linux 8webkit2gtk3FixedRHSA-2023:705514.11.2023
Red Hat Enterprise Linux 9webkit2gtk3FixedRHSA-2023:653507.11.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2236844webkitgtk: Website may be able to track sensitive user information

EPSS

Процентиль: 31%
0.00118
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-27954

CVSS3: 6.5
ubuntu
больше 2 лет назад

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.

nvd логотип

CVE-2023-27954

CVSS3: 6.5
nvd
больше 2 лет назад

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.

debian логотип

CVE-2023-27954

CVSS3: 6.5
debian
больше 2 лет назад

The issue was addressed by removing origin information. This issue is ...

github логотип

GHSA-2q9c-qj72-94fh

CVSS3: 6.5
github
больше 2 лет назад

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information

fstec логотип

BDU:2023-03865

CVSS3: 6.5
fstec
больше 2 лет назад

Уязвимость модулей отображения веб-страниц WPE WebKit и WebKitGTK, связанная с некорректным присваиванием привилегий, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 31%
0.00118
Низкий

6.5 Medium

CVSS3