{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-40425","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2023-08-14T20:26:36.259Z","datePublished":"2023-10-25T18:31:53.553Z","dateUpdated":"2025-06-12T14:54:55.238Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"A privacy issue was addressed with improved private data redaction for log entries."}]}],"affected":[{"vendor":"Apple","product":"macOS","versions":[{"version":"unspecified","status":"affected","lessThan":"14","versionType":"custom"}]},{"vendor":"Apple","product":"macOS","versions":[{"version":"unspecified","status":"affected","lessThan":"12.7","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14, macOS Monterey 12.7.1. An app with root privileges may be able to access private information."}],"references":[{"url":"https://support.apple.com/en-us/120950"},{"url":"https://support.apple.com/en-us/109055"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2025-04-11T14:53:58.715Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T18:31:53.851Z"},"title":"CVE Program Container","references":[{"url":"https://support.apple.com/en-us/HT213983","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT213983","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2023/Oct/21","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-532","lang":"en","description":"CWE-532 Insertion of Sensitive Information into Log File"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.4,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"HIGH","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-09-10T15:49:02.424478Z","id":"CVE-2023-40425","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-12T14:54:55.238Z"}}]}}