CVE-2023-23505

LOW Year: 2023
CVSS v3 Score
3.3
Low
Weakness Type
CWE-532
View all →

Vulnerability Description

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user’s contacts.

Related Vulnerabilities

CVE-2016-0296

LOW
CVSS:3.3(Low)

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.

CWE-5322016

CVE-2016-5432

LOW
CVSS:3.3(Low)

The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.

CWE-5322016

CVE-2017-1733

LOW
CVSS:3.3(Low)

IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.

CWE-5322017

CVE-2017-18423

LOW
CVSS:3.3(Low)

In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).

CWE-5322017

CVE-2018-5693

LOW
CVSS:3.3(Low)

The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.

CWE-5322018

CVE-2019-10343

LOW
CVSS:3.3(Low)

Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied.

CWE-5322019