Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-23254

Опубликовано: 07 мар. 2024
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.

A vulnerability was found in WebKit, where a remote attacker is able to exfiltrate audio data cross-origin by convincing a victim to visit a specially crafted website, which results in obtaining sensitive information.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6webkitgtkOut of support scope
Red Hat Enterprise Linux 7webkitgtk3Out of support scope
Red Hat Enterprise Linux 7 Extended Lifecycle Supportwebkitgtk4FixedRHSA-2025:1036407.07.2025
Red Hat Enterprise Linux 8webkit2gtk3FixedRHSA-2024:1048127.11.2024
Red Hat Enterprise Linux 9webkit2gtk3FixedRHSA-2024:818016.10.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2270289webkit: malicious website may exfiltrate audio data cross-origin

EPSS

Процентиль: 66%
0.00508
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-23254

CVSS3: 6.5
ubuntu
почти 2 года назад

The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.

nvd логотип

CVE-2024-23254

CVSS3: 6.5
nvd
почти 2 года назад

The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.

debian логотип

CVE-2024-23254

CVSS3: 6.5
debian
почти 2 года назад

The issue was addressed with improved UI handling. This issue is fixed ...

github логотип

GHSA-62qm-vc7f-rm93

CVSS3: 6.5
github
почти 2 года назад

The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.

suse-cvrf логотип

SUSE-SU-2024:1293-1

suse-cvrf
почти 2 года назад

Security update for webkit2gtk3

EPSS

Процентиль: 66%
0.00508
Низкий

6.5 Medium

CVSS3