CVE-2019-7289

5.5MEDIUM

Key Information:

Vendor: Apple
Status: Shortcuts
Vendor: CVE Published:; 18 December 2019

Summary

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information.

Affected Version(s)

Shortcuts < unspecified

References

https://support.apple.com/HT209522

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2019
Vulnerability Reserved
Jan 31, 2019