Information disclosure in WebKitGTK+

#VU61333 Information disclosure in WebKitGTK+

Published: 2022-03-14 | Updated: 2022-07-05

Vulnerability identifier: #VU61333

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-22662

CWE-ID:

Exploitation vector: Network

Exploit availability:

Vulnerable software:
WebKitGTK+
Server applications / Frameworks for developing and running applications

Vendor: WebKitGTK

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a cookie management issue in WebKit. A remote attacker can trick the victim to open a specially crafted webpage and gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: All versions

Fixed software versions

CPE

cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*

External links
http://support.apple.com/en-us/HT213183

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in Migration Toolkit for Virtualization 2.4

Multiple vulnerabilities in Secondary Scheduler Operator for Red Hat OpenShift

Multiple vulnerabilities in OpenShift API for Data Protection (OADP) 1.1

Multiple vulnerabilities in Red Hat Migration Toolkit for Applications

Multiple vulnerabilities in OpenShift Developer Tools and Services

Red Hat Advanced Cluster Management for Kubernetes 2.6 update for Submariner

Multiple vulnerabilities in OpenShift Serverless

Multiple vulnerabilities in Submariner

Multiple vulnerabilities in Red Hat OpenShift Service Mesh 2.3

Multiple vulnerabilities in Migration Toolkit for Runtimes