Private browsing activity disclosure in WebKitGTK+ and WPE WebKit
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-42939 |
| CWE-ID | CWE-532 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
WebKitGTK+ Server applications / Frameworks for developing and running applications WPE WebKit Server applications / Frameworks for developing and running applications |
| Vendor | WebKitGTK |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Inclusion of Sensitive Information in Log Files
EUVDB-ID: #VU86586
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-42939
CWE-ID:
CWE-532 - Information Exposure Through Log Files
Exploit availability: No
DescriptionThe vulnerability allows a local local application to gain access to sensitive information.
The vulnerability exists due to WebKit can unexpectedly save private browsing activity into the App Privacy Report. A local application can read the report file and gain access to sensitive data.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsWebKitGTK+: All versions
WPE WebKit: All versions
External linkshttp://support.apple.com/en-us/HT213982
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
