ID

VAR-202205-1400


CVE

CVE-2022-26747


TITLE

Vulnerability in Xcode

Trust: 0.8

sources: JVNDB: JVNDB-2022-011253

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges. Xcode contains an unspecified vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

APPLE-SA-2022-05-16-8 Xcode 13.4

Xcode 13.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213261.

Git
Available for: macOS Monterey 12 or later
Impact: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
Description: A logic issue was addressed with improved state management.
CVE-2022-26747: Mickey Jin (@patch1t)

Xcode 13.4 may be obtained from: https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "Xcode 13.4".

All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.89

sources: NVD: CVE-2022-26747 // JVNDB: JVNDB-2022-011253 // VULHUB: VHN-417416 // VULMON: CVE-2022-26747 // PACKETSTORM: 167204

AFFECTED PRODUCTS

vendor: apple, model: xcode, scope: lt, version: 13.4

Trust: 1.0

vendor: Apple, model: xcode, scope: eq, version: 13.4

Trust: 0.8

vendor: Apple, model: xcode, scope: eq, version: -

Trust: 0.8

vendor: Apple, model: xcode, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011253 // NVD: CVE-2022-26747

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26747
value: HIGH

Trust: 1.0

NVD: CVE-2022-26747
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202205-3448
value: HIGH

Trust: 0.6

VULHUB: VHN-417416
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-26747
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-417416
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-26747
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-26747
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-417416 // JVNDB: JVNDB-2022-011253 // CNNVD: CNNVD-202205-3448 // NVD: CVE-2022-26747

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-011253 // NVD: CVE-2022-26747

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3448

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3448

PATCH

title: HT213261 Apple Security update, url: https://support.apple.com/en-us/HT213261

Trust: 0.8

title: Apple Xcode fix for the input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195204

Trust: 0.6

sources: JVNDB: JVNDB-2022-011253 // CNNVD: CNNVD-202205-3448

EXTERNAL IDS

db: NVD, id: CVE-2022-26747

Trust: 3.5

db: PACKETSTORM, id: 167204

Trust: 0.8

db: JVNDB, id: JVNDB-2022-011253

Trust: 0.8

db: CS-HELP, id: SB2022051707

Trust: 0.6

db: CNNVD, id: CNNVD-202205-3448

Trust: 0.6

db: VULHUB, id: VHN-417416

Trust: 0.1

db: VULMON, id: CVE-2022-26747

Trust: 0.1

sources: VULHUB: VHN-417416 // VULMON: CVE-2022-26747 // JVNDB: JVNDB-2022-011253 // PACKETSTORM: 167204 // CNNVD: CNNVD-202205-3448 // NVD: CVE-2022-26747

REFERENCES

url:https://support.apple.com/en-us/ht213261

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-26747

Trust: 0.9

url:https://cxsecurity.com/cveshow/cve-2022-26747/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051707

Trust: 0.6

url:https://packetstormsecurity.com/files/167204/apple-security-advisory-2022-05-16-8.html

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24765

Trust: 0.1

url:https://support.apple.com/ht213261.

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

sources: VULHUB: VHN-417416 // VULMON: CVE-2022-26747 // JVNDB: JVNDB-2022-011253 // PACKETSTORM: 167204 // CNNVD: CNNVD-202205-3448 // NVD: CVE-2022-26747

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 167204

SOURCES

db: VULHUB, id: VHN-417416
db: VULMON, id: CVE-2022-26747
db: JVNDB, id: JVNDB-2022-011253
db: PACKETSTORM, id: 167204
db: CNNVD, id: CNNVD-202205-3448
db: NVD, id: CVE-2022-26747

LAST UPDATE DATE

2024-08-14T13:04:48.714000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-417416, date: 2022-06-07T00:00:00
db: VULMON, id: CVE-2022-26747, date: 2022-05-27T00:00:00
db: JVNDB, id: JVNDB-2022-011253, date: 2023-08-21T06:50:00
db: CNNVD, id: CNNVD-202205-3448, date: 2022-06-08T00:00:00
db: NVD, id: CVE-2022-26747, date: 2022-06-07T20:14:55.527

SOURCES RELEASE DATE

db: VULHUB, id: VHN-417416, date: 2022-05-26T00:00:00
db: VULMON, id: CVE-2022-26747, date: 2022-05-26T00:00:00
db: JVNDB, id: JVNDB-2022-011253, date: 2023-08-21T00:00:00
db: PACKETSTORM, id: 167204, date: 2022-05-17T17:18:31
db: CNNVD, id: CNNVD-202205-3448, date: 2022-05-16T00:00:00
db: NVD, id: CVE-2022-26747, date: 2022-05-26T20:15:08.943