CVE-2022-22585

high

Description

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files.

References

https://support.apple.com/en-us/103177

https://support.apple.com/en-us/103175

https://support.apple.com/en-us/103173

https://support.apple.com/en-us/103172

https://support.apple.com/en-us/102848

https://support.apple.com/en-us/HT213059

https://support.apple.com/en-us/HT213057

https://support.apple.com/en-us/HT213055

https://support.apple.com/en-us/HT213054

https://support.apple.com/en-us/HT213053

Details

Source: Mitre, NVD

Published: 2022-03-18

Updated: 2022-03-28

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High