{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-42829","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2023-09-14T19:05:11.448Z","datePublished":"2024-01-10T22:03:52.901Z","dateUpdated":"2025-06-16T18:35:22.300Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"An app may be able to access SSH passphrases"}]}],"affected":[{"vendor":"Apple","product":"macOS","versions":[{"version":"unspecified","status":"affected","lessThan":"13.5","versionType":"custom"}]},{"vendor":"Apple","product":"macOS","versions":[{"version":"unspecified","status":"affected","lessThan":"11.7","versionType":"custom"}]},{"vendor":"Apple","product":"macOS","versions":[{"version":"unspecified","status":"affected","lessThan":"12.6","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases."}],"references":[{"url":"https://support.apple.com/en-us/HT213843"},{"url":"https://support.apple.com/en-us/HT213845"},{"url":"https://support.apple.com/en-us/HT213844"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2024-01-10T22:03:52.901Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:30:24.614Z"},"title":"CVE Program Container","references":[{"url":"https://support.apple.com/en-us/HT213843","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213845","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213844","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-200","lang":"en","description":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-03-21T19:44:11.901359Z","id":"CVE-2023-42829","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-16T18:35:22.300Z"}}]}}