CVE-2019-8790 : This issue was addresses by updating incorrect URLSession file descriptors manag

This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.

Published 2020-10-27 20:15:20

Updated 2020-11-03 15:03:23

Source Apple Inc.

View at NVD, CVE.org

Products affected by CVE-2019-8790

Apple » Swift » For Ubuntu
Versions before (<) 5.1.1
cpe:2.3:a:apple:swift:*:*:*:*:*:ubuntu:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-8790

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-8790

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2019-8790

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-8790

https://support.apple.com/en-us/HT210647

About the security content of Swift 5.1.1 for Ubuntu - Apple Support
Release Notes;Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-8790

Products affected by CVE-2019-8790

Exploit prediction scoring system (EPSS) score for CVE-2019-8790

CVSS scores for CVE-2019-8790

CWE ids for CVE-2019-8790

References for CVE-2019-8790