Sign-up

ID

VAR-201804-0434


CVE

CVE-2017-13839


TITLE

Apple macOS of Spotlight Vulnerability in displaying the results of other users' files in a component

Trust: 0.8

sources: JVNDB: JVNDB-2017-013131

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Spotlight is one of the components used to search for files, programs, etc. in the system

Trust: 1.71

sources: NVD: CVE-2017-13839 // JVNDB: JVNDB-2017-013131 // VULHUB: VHN-104501

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.13.0

Trust: 1.6

vendor:applemodel:mac os xscope:ltversion:10.8 or later 10.13

Trust: 0.8

sources: JVNDB: JVNDB-2017-013131 // CNNVD: CNNVD-201804-223 // NVD: CVE-2017-13839

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13839
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-13839
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-223
value: LOW

Trust: 0.6

VULHUB: VHN-104501
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-13839
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104501
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13839
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104501 // JVNDB: JVNDB-2017-013131 // CNNVD: CNNVD-201804-223 // NVD: CVE-2017-13839

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-104501 // JVNDB: JVNDB-2017-013131 // NVD: CVE-2017-13839

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-223

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-223

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013131

PATCH
title:HT208144url:https://support.apple.com/en-us/HT208144
Trust: 0.8
title:HT208144url:https://support.apple.com/ja-jp/HT208144
Trust: 0.8
title:Apple macOS High Sierra Spotlight Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83075
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-013131 // 
            
            
            
            CNNVD: CNNVD-201804-223

EXTERNAL IDS
db:NVDid:CVE-2017-13839
Trust: 2.5
db:JVNDBid:JVNDB-2017-013131
Trust: 0.8
db:CNNVDid:CNNVD-201804-223
Trust: 0.6
db:VULHUBid:VHN-104501
Trust: 0.1
sources:
            
            
            VULHUB: VHN-104501 // 
            
            
            
            JVNDB: JVNDB-2017-013131 // 
            
            
            
            CNNVD: CNNVD-201804-223 // 
            
            
            
            NVD: CVE-2017-13839

REFERENCES
url:https://support.apple.com/ht208144
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13839
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-13839
Trust: 0.8
sources:
            
            
            VULHUB: VHN-104501 // 
            
            
            
            JVNDB: JVNDB-2017-013131 // 
            
            
            
            CNNVD: CNNVD-201804-223 // 
            
            
            
            NVD: CVE-2017-13839

SOURCES
db:VULHUBid:VHN-104501
db:JVNDBid:JVNDB-2017-013131
db:CNNVDid:CNNVD-201804-223
db:NVDid:CVE-2017-13839

LAST UPDATE DATE
2024-11-23T21:53:17.106000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-104501date:2018-05-04T00:00:00
db:JVNDBid:JVNDB-2017-013131date:2018-06-01T00:00:00
db:CNNVDid:CNNVD-201804-223date:2018-04-04T00:00:00
db:NVDid:CVE-2017-13839date:2024-11-21T03:11:46.740

SOURCES RELEASE DATE
db:VULHUBid:VHN-104501date:2018-04-03T00:00:00
db:JVNDBid:JVNDB-2017-013131date:2018-06-01T00:00:00
db:CNNVDid:CNNVD-201804-223date:2018-04-04T00:00:00
db:NVDid:CVE-2017-13839date:2018-04-03T06:29:00.467