cvelistv5 - cve-2019-7289

CVE-2019-7289 (GCVE-0-2019-7289)

Vulnerability from cvelistv5

Published

2019-12-18 17:33

Modified

2024-08-04 20:46

Severity ?

CWE

A local user may be able to view senstive user information

Summary

References

URL

	Vendor	Product	Version
	Apple	Shortcuts	Version: unspecified < Shortcuts 2.1.3 for iOS

fkie_cve-2019-7289

Vulnerability from fkie_nvd

Published

2019-12-18 18:15

Modified

2024-11-21 04:47

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	product-security@apple.com	https://support.apple.com/HT209522	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT209522	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	shortcuts	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:shortcuts:*:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "098D064B-10D1-483A-A8B0-DE29A9B0CBEC",
              "versionEndExcluding": "2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information."
    },
    {
      "lang": "es",
      "value": "Se solucion\u00f3 un problema de an\u00e1lisis en el manejo de rutas de directorio mejorando la comprobaci\u00f3n de ruta. Este problema es corregido en Shortcuts versi\u00f3n 2.1.3 para iOS. Un usuario local puede visualizar informaci\u00f3n sensible del usuario."
    }
  ],
  "id": "CVE-2019-7289",
  "lastModified": "2024-11-21T04:47:56.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-18T18:15:22.207",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT209522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT209522"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2020-03005

Vulnerability from cnvd

Title

Apple Shortcuts for iOS输入验证错误漏洞

Description

Apple Shortcuts for iOS是美国苹果（Apple）公司的一套基于iOS平台的快捷应用。基于iOS平台的Apple Shortcuts 2.1.3之前版本中对目录路径的处理存在安全漏洞。本地攻击者可利用该漏洞查看敏感的用户信息。

Severity

低

Patch Name

Apple Shortcuts for iOS输入验证错误漏洞的补丁

Patch Description

Apple Shortcuts for iOS是美国苹果（Apple）公司的一套基于iOS平台的快捷应用。基于iOS平台的Apple Shortcuts 2.1.3之前版本中对目录路径的处理存在安全漏洞。本地攻击者可利用该漏洞查看敏感的用户信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/en-us/HT209522

Reference

http://www.securityfocus.com/bid/106957

Impacted products

Name
Apple Apple Shortcuts for iOS <2.1.3

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "106957"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-7289",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-7289"
    }
  },
  "description": "Apple Shortcuts for iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eiOS\u5e73\u53f0\u7684\u5feb\u6377\u5e94\u7528\u3002\n\n\u57fa\u4e8eiOS\u5e73\u53f0\u7684Apple Shortcuts 2.1.3\u4e4b\u524d\u7248\u672c\u4e2d\u5bf9\u76ee\u5f55\u8def\u5f84\u7684\u5904\u7406\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/en-us/HT209522",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03005",
  "openTime": "2020-01-20",
  "patchDescription": "Apple Shortcuts for iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eiOS\u5e73\u53f0\u7684\u5feb\u6377\u5e94\u7528\u3002\r\n\r\n\u57fa\u4e8eiOS\u5e73\u53f0\u7684Apple Shortcuts 2.1.3\u4e4b\u524d\u7248\u672c\u4e2d\u5bf9\u76ee\u5f55\u8def\u5f84\u7684\u5904\u7406\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple Shortcuts for iOS\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple  Apple Shortcuts for iOS \u003c2.1.3"
  },
  "referenceLink": "http://www.securityfocus.com/bid/106957",
  "serverity": "\u4f4e",
  "submitTime": "2019-12-27",
  "title": "Apple Shortcuts for iOS\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions antérieures à 12.1.4
Apple	N/A	maxOS Mojave versions antérieures à 10.14.3
Apple	N/A	Shortcuts pour iOS versions antérieures à 2.1.3

References

Title

Publication Time

ghsa-8453-jjmp-9q2q

Vulnerability from github

Published

2022-05-24 17:04

Modified

2022-05-24 17:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-7289"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-18T18:15:00Z",
    "severity": "LOW"
  },
  "details": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information.",
  "id": "GHSA-8453-jjmp-9q2q",
  "modified": "2022-05-24T17:04:07Z",
  "published": "2022-05-24T17:04:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7289"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT209522"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2019-7289

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-7289

Aliases

CVE-2019-7289

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-7289",
    "description": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information.",
    "id": "GSD-2019-7289"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-7289"
      ],
      "details": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information.",
      "id": "GSD-2019-7289",
      "modified": "2023-12-13T01:23:46.660971Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2019-7289",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Shortcuts",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "Shortcuts 2.1.3 for iOS"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A local user may be able to view senstive user information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT209522",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT209522"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:shortcuts:*:*:*:*:*:iphone_os:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-7289"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT209522",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT209522"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-12-18T18:15Z"
    }
  }
}

var-201912-0455

Vulnerability from variot

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information. apple's iPhone OS for Shortcuts Exists in a past traversal vulnerability.Information may be obtained. Apple iOS is prone to the following vulnerabilities: 1. An information-disclosure vulnerability. 2. A security-bypass vulnerability Attackers can exploit these issues to gain sensitive information and to bypass security mechanisms. This may aid in further attacks. Apple Shortcuts version 2.1.2 is vulnerable. There is a security vulnerability in the processing of directory paths in versions prior to 2.1.3 of Apple Shortcuts based on the iOS platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS

Shortcuts 2.1.3 for iOS is now available and addresses the following:

Shortcuts Available for: Shortcuts 2.1.2 for iOS Impact: A local user may be able to view senstive user information Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2019-7289: Sem VoigtlA$?nder of Fontys Hogeschool ICT

Shortcuts Available for: Shortcuts 2.1.2 for iOS Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-7290: Avimanyu Roy (@AvimanyuRoy3)

Additional recognition

Shortcuts We would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool ICT for their assistance.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxcZmopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HU4A/8 DI/d6q1a4C0x7/T/XBDc4WsuvOFa5mmaTicKE24CRJjDjb2c11ZOtIeeBF7HBJVx 5+326g+3y1J7wAPT1o5btQQv0SNxVaDuJUa8hNUrheg+LpQ5dEzVY50X+lMJ9etE gjyyZWrzWMSXvuHj+CrXRuK1BXZQCWZzOXIPfVOYqH3eBao0ld4NaQdtviUctNla wgiLZ+33fVFJm1MjtdcjxOhKd54GVGUnKN338YhnFQfIjEZA7zeOvKlzb77ZqDZx JxpuVIpkv4OvWX0Xg+u0iYALEbJDr75vk3YUjuKHCWENdJM9Eka64yVxdGc7C9/E vpAKwVaWcgCJuDexaqwt/ht1AclMVzORPSYtU0A1HxyVR3kEUVjAWAuANjakB/Zn CDerYQiTOyFSZIvitkrunQmb65iXMjjYgznnTjAxv1kkil5uAz56L+jJ0C/CNw4y kzsQnrKbxyTNJ/qYzPaEJChsZ7FSWakBUJZ62hQzRaQnXgGZ8UyfyL9cRS5NUaO5 Yd0FaQk7UWCsbFzePHTlSbA5GedweJ6cXcoBst/WdpGP+81ZnvQMhbEJvxXwmKP1 xpq0PhAWRFBQFtWowhVE7fKLQj9zqao86eSebKK1Tc9VfnFNUmTQjyQo2HpdQtnC eW17D5S5FBaov6WyxASP5Wmi8xJsmgWP4OomprfSbNQ= =BI6A -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0455",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "shortcuts",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.1.3"
      },
      {
        "model": "shortcuts",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "2.1.3"
      },
      {
        "model": "shortcuts",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "shortcuts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1.2"
      },
      {
        "model": "shortcuts",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016877"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7289"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sem Voigtl?\u00a4nder from Fontys Hogeschool ICT and Avimanyu Roy (@AvimanyuRoy3).,Fontys Hogeschool ICT of  Sem Voigtl?nder",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-343"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-7289",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-7289",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-158724",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-7289",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-7289",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-7289",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-7289",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-343",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158724",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-7289",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158724"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7289"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information. apple\u0027s iPhone OS for Shortcuts Exists in a past traversal vulnerability.Information may be obtained. Apple iOS is prone to the following vulnerabilities:\n1. An information-disclosure vulnerability. \n2. A security-bypass vulnerability\nAttackers can exploit these issues to gain sensitive information and to bypass security mechanisms. This may aid in further attacks. \nApple Shortcuts version 2.1.2 is vulnerable. There is a security vulnerability in the processing of directory paths in versions prior to 2.1.3 of Apple Shortcuts based on the iOS platform. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS\n\nShortcuts 2.1.3 for iOS is now available and addresses the following:\n\nShortcuts\nAvailable for: Shortcuts 2.1.2 for iOS\nImpact: A local user may be able to view senstive user information\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2019-7289: Sem VoigtlA$?nder of Fontys Hogeschool ICT\n\nShortcuts\nAvailable for: Shortcuts 2.1.2 for iOS\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2019-7290: Avimanyu Roy (@AvimanyuRoy3)\n\nAdditional recognition\n\nShortcuts\nWe would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool\nICT for their assistance. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxcZmopHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HU4A/8\nDI/d6q1a4C0x7/T/XBDc4WsuvOFa5mmaTicKE24CRJjDjb2c11ZOtIeeBF7HBJVx\n5+326g+3y1J7wAPT1o5btQQv0SNxVaDuJUa8hNUrheg+LpQ5dEzVY50X+lMJ9etE\ngjyyZWrzWMSXvuHj+CrXRuK1BXZQCWZzOXIPfVOYqH3eBao0ld4NaQdtviUctNla\nwgiLZ+33fVFJm1MjtdcjxOhKd54GVGUnKN338YhnFQfIjEZA7zeOvKlzb77ZqDZx\nJxpuVIpkv4OvWX0Xg+u0iYALEbJDr75vk3YUjuKHCWENdJM9Eka64yVxdGc7C9/E\nvpAKwVaWcgCJuDexaqwt/ht1AclMVzORPSYtU0A1HxyVR3kEUVjAWAuANjakB/Zn\nCDerYQiTOyFSZIvitkrunQmb65iXMjjYgznnTjAxv1kkil5uAz56L+jJ0C/CNw4y\nkzsQnrKbxyTNJ/qYzPaEJChsZ7FSWakBUJZ62hQzRaQnXgGZ8UyfyL9cRS5NUaO5\nYd0FaQk7UWCsbFzePHTlSbA5GedweJ6cXcoBst/WdpGP+81ZnvQMhbEJvxXwmKP1\nxpq0PhAWRFBQFtWowhVE7fKLQj9zqao86eSebKK1Tc9VfnFNUmTQjyQo2HpdQtnC\neW17D5S5FBaov6WyxASP5Wmi8xJsmgWP4OomprfSbNQ=\n=BI6A\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-7289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016877"
      },
      {
        "db": "BID",
        "id": "106957"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158724"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7289"
      },
      {
        "db": "PACKETSTORM",
        "id": "151576"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-7289",
        "trust": 3.8
      },
      {
        "db": "BID",
        "id": "106957",
        "trust": 0.9
      },
      {
        "db": "PACKETSTORM",
        "id": "151576",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016877",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-343",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0390",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-158724",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7289",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158724"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7289"
      },
      {
        "db": "BID",
        "id": "106957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016877"
      },
      {
        "db": "PACKETSTORM",
        "id": "151576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7289"
      }
    ]
  },
  "id": "VAR-201912-0455",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158724"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:11:45.196000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT209522 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT209522"
      },
      {
        "title": "Apple iOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89157"
      },
      {
        "title": "plataoplomo",
        "trust": 0.1,
        "url": "https://github.com/userlandkernel/plataoplomo "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-7289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-343"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.1
      },
      {
        "problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158724"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016877"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7289"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht209522"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7289"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/151576/apple-security-advisory-2019-2-07-3.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75258"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/106957"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht209522"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/userlandkernel/plataoplomo"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7290"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158724"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7289"
      },
      {
        "db": "BID",
        "id": "106957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016877"
      },
      {
        "db": "PACKETSTORM",
        "id": "151576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7289"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-158724"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7289"
      },
      {
        "db": "BID",
        "id": "106957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016877"
      },
      {
        "db": "PACKETSTORM",
        "id": "151576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7289"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158724"
      },
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-7289"
      },
      {
        "date": "2019-02-07T00:00:00",
        "db": "BID",
        "id": "106957"
      },
      {
        "date": "2024-07-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-016877"
      },
      {
        "date": "2019-02-07T18:32:22",
        "db": "PACKETSTORM",
        "id": "151576"
      },
      {
        "date": "2019-02-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-343"
      },
      {
        "date": "2019-12-18T18:15:22.207000",
        "db": "NVD",
        "id": "CVE-2019-7289"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158724"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-7289"
      },
      {
        "date": "2019-02-07T00:00:00",
        "db": "BID",
        "id": "106957"
      },
      {
        "date": "2024-07-19T04:39:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-016877"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-343"
      },
      {
        "date": "2024-11-21T04:47:56.150000",
        "db": "NVD",
        "id": "CVE-2019-7289"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "106957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-343"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "apple\u0027s \u00a0iPhone\u00a0OS\u00a0 for \u00a0Shortcuts\u00a0 Past traversal vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016877"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-343"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-7289 (GCVE-0-2019-7289)

Vulnerability from cvelistv5

fkie_cve-2019-7289

Vulnerability from fkie_nvd

cnvd-2020-03005

Vulnerability from cnvd

CERTFR-2019-AVI-048

Vulnerability from certfr_avis

Solution

ghsa-8453-jjmp-9q2q

Vulnerability from github

gsd-2019-7289

Vulnerability from gsd

var-201912-0455

Vulnerability from variot

Tags

Sightings

Nomenclature