CVE-2022-26707

An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/HT213257	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213257	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:54

Type	Values Removed	Values Added
References	~~() https://support.apple.com/en-us/HT213257 - Release Notes, Vendor Advisory~~	() https://support.apple.com/en-us/HT213257 - Release Notes, Vendor Advisory

Information

Published : 2022-09-23 19:15

Updated : 2025-05-22 16:15

NVD link : CVE-2022-26707

Mitre link : CVE-2022-26707

CVE.ORG link : CVE-2022-26707

JSON object : View

Products Affected

apple

macos

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2022-26707", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-09-23T19:15:11.407", "references": [{"url": "https://support.apple.com/en-us/HT213257", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213257", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information."}, {"lang": "es", "value": "Se abord\u00f3 un problema en el manejo de las variables de entorno con una comprobaci\u00f3n mejorada. Este problema ha sido corregido en macOS Monterey versi\u00f3n 12.4. Es posible que un usuario pueda visualizar informaci\u00f3n confidencial del usuario.\n"}], "lastModified": "2025-05-22T16:15:51.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56A8A170-44A7-4334-88B0-CB4413E28E53", "versionEndExcluding": "12.4", "versionStartIncluding": "12.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}