var-202012-0751
Vulnerability from variot
An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to preview files it does not have access to. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0751",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(macbook pro late 2013 or later )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(imac pro all models )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(mac mini 2014 or later )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(macbook air 2013 or later )"
},
{
"model": "apple mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(imac 2014 or later )"
},
{
"model": "apple mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "11.0.1"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(mac pro 2013 or later )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(macbook 2015 or later )"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014243"
},
{
"db": "NVD",
"id": "CVE-2020-27900"
}
]
},
"cve": "CVE-2020-27900",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-27900",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-372011",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-27900",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-27900",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27900",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-27900",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-1355",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-372011",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372011"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014243"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1355"
},
{
"db": "NVD",
"id": "CVE-2020-27900"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to preview files it does not have access to. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27900"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014243"
},
{
"db": "VULHUB",
"id": "VHN-372011"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-27900",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU99462952",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014243",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.4060",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4060.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1355",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-372011",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372011"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014243"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1355"
},
{
"db": "NVD",
"id": "CVE-2020-27900"
}
]
},
"id": "VAR-202012-0751",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-372011"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:21:59.336000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211931 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT211931"
},
{
"title": "Apple NSRemoteView Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136649"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014243"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1355"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-200",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372011"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014243"
},
{
"db": "NVD",
"id": "CVE-2020-27900"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2020/dec/32"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht211931"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27900"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99462952/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4060/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4060.2/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372011"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014243"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1355"
},
{
"db": "NVD",
"id": "CVE-2020-27900"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-372011"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014243"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1355"
},
{
"db": "NVD",
"id": "CVE-2020-27900"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-372011"
},
{
"date": "2021-08-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014243"
},
{
"date": "2020-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1355"
},
{
"date": "2020-12-08T21:15:12.890000",
"db": "NVD",
"id": "CVE-2020-27900"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-372011"
},
{
"date": "2021-08-12T08:50:00",
"db": "JVNDB",
"id": "JVNDB-2020-014243"
},
{
"date": "2020-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1355"
},
{
"date": "2024-11-21T05:22:00.797000",
"db": "NVD",
"id": "CVE-2020-27900"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1355"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "macOS\u00a0 Snapshot handling vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014243"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1355"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…