{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-32360", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "dateUpdated": "2024-12-05T16:47:52.318Z", "dateReserved": "2023-05-08T00:00:00", "datePublished": "2023-06-23T00:00:00"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An unauthenticated user may be able to access recently printed documents"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "13.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "12.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "11.7", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents."}], "references": [{"url": "https://support.apple.com/en-us/HT213758"}, {"url": "https://support.apple.com/en-us/HT213759"}, {"url": "https://support.apple.com/en-us/HT213760"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2023-07-27T03:47:29.106Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:10:24.966Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213758", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213759", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213760", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-05T16:47:20.480304Z", "id": "CVE-2023-32360", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-05T16:47:52.318Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213758", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213759", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213760", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:10:24.966Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32360", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-05T16:47:20.480304Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-05T16:47:41.571Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "13.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "12.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "11.7", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT213758"}, {"url": "https://support.apple.com/en-us/HT213759"}, {"url": "https://support.apple.com/en-us/HT213760"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html"}], "descriptions": [{"lang": "en", "value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An unauthenticated user may be able to access recently printed documents"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2023-07-27T03:47:29.106Z"}}}, "cveMetadata": {"cveId": "CVE-2023-32360", "state": "PUBLISHED", "dateUpdated": "2024-12-05T16:47:52.318Z", "dateReserved": "2023-05-08T00:00:00", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2023-06-23T00:00:00", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "B59D22F2-6EBD-4943-A009-F740265938AA", "versionEndExcluding": "11.7.7", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "057C3BDA-4822-4256-A016-4B32A05DD3B7", "versionEndExcluding": "12.6.6", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA07361B-D827-471F-9443-4BE4265D6A3B", "versionEndExcluding": "13.4", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents."}], "id": "CVE-2023-32360", "lastModified": "2024-12-05T17:15:08.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-06-23T18:15:11.647", "references": [{"source": "[email protected]", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html"}, {"source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213758"}, {"source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213759"}, {"source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213760"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213760"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:4766", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "cups-1:1.6.3-52.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-08-28T00:00:00Z"}, {"advisory": "RHSA-2023:4864", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "cups-1:2.2.6-51.el8_8.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4864", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "cups-1:2.2.6-51.el8_8.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4765", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "cups-1:2.2.6-28.el8_1.2", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-08-28T00:00:00Z"}, {"advisory": "RHSA-2023:4771", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "cups-1:2.2.6-33.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-08-28T00:00:00Z"}, {"advisory": "RHSA-2023:4771", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "cups-1:2.2.6-33.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-08-28T00:00:00Z"}, {"advisory": "RHSA-2023:4771", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "cups-1:2.2.6-33.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-08-28T00:00:00Z"}, {"advisory": "RHSA-2023:4768", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "cups-1:2.2.6-38.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-08-28T00:00:00Z"}, {"advisory": "RHSA-2023:4768", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "cups-1:2.2.6-38.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-08-28T00:00:00Z"}, {"advisory": "RHSA-2023:4768", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "cups-1:2.2.6-38.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-08-28T00:00:00Z"}, {"advisory": "RHSA-2023:4770", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "cups-1:2.2.6-45.el8_6.3", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-08-28T00:00:00Z"}, {"advisory": "RHSA-2023:4838", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "cups-1:2.3.3op2-16.el9_2.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4838", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "cups-1:2.3.3op2-16.el9_2.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-08-29T00:00:00Z"}, {"advisory": "RHSA-2023:4769", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "cups-1:2.3.3op2-13.el9_0.2", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-08-28T00:00:00Z"}], "bugzilla": {"description": "cups: Information leak through Cups-Get-Document operation", "id": "2230495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230495"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.", "A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach."], "mitigation": {"lang": "en:us", "value": "The user can either set 'PreserveJobFiles No' in cupsd.conf which will completely shut off the saving the job files, thereby preventing the attacker to get a file or restrict access in firewall and in cupsd to trusted users."}, "name": "CVE-2023-32360", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-12-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-32360\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32360"], "statement": "This vulnerability is classified as important according to Red Hat's Severity Rating Classification, as unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.\nhttps://access.redhat.com/security/updates/classification", "threat_severity": "Important", "upstream_fix": "cups 2.4.3"}