CVE-2023-27954

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.

Published: May 8, 2023
Updated: Jul 28, 2023
CVE: CVE-2023-27954
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apple / macos	13.0	13.3
apple / tvos	-	16.4
apple / watchos	-	9.4
apple / iphone_os	-	15.7.4
apple / iphone_os	16.0	16.4
apple / safari	-	16.4
debian / debian_linux	10.0	10.0.x
apple / ipados	16.0	16.4
apple / ipados	-	15.7.4

http://seclists.org/fulldisclosure/2023/May/7
https://lists.debian.org/debian-lts-announce/2023/05/msg00011.html
https://security.gentoo.org/glsa/202305-32
https://support.apple.com/en-us/HT213670
https://support.apple.com/en-us/HT213671
https://support.apple.com/en-us/HT213673
https://support.apple.com/en-us/HT213674
https://support.apple.com/en-us/HT213676
https://support.apple.com/en-us/HT213678

Vulnerability Database

289,871

CVE-2023-27954