{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-23273","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2024-01-12T22:22:21.498Z","datePublished":"2024-03-08T01:35:54.940Z","dateUpdated":"2026-04-02T18:20:11.618Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"Private Browsing tabs may be accessed without authentication"}]}],"affected":[{"vendor":"Apple","product":"Safari","versions":[{"version":"0","status":"affected","lessThan":"17.4","versionType":"custom"}]},{"vendor":"Apple","product":"iOS and iPadOS","versions":[{"version":"0","status":"affected","lessThan":"17.4","versionType":"custom"}]},{"vendor":"Apple","product":"macOS","versions":[{"version":"0","status":"affected","lessThan":"14.4","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication."}],"references":[{"url":"https://support.apple.com/en-us/120893"},{"url":"https://support.apple.com/en-us/120894"},{"url":"https://support.apple.com/en-us/120895"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2026-04-02T18:20:11.618Z"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://support.apple.com/en-us/HT214081","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT214089","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT214084","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Mar/20","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Mar/21","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT214089"},{"url":"https://support.apple.com/kb/HT214084"},{"url":"https://support.apple.com/kb/HT214081"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T18:27:10.314Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-295","lang":"en","description":"CWE-295 Improper Certificate Validation"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-08-27T19:31:28.016236Z","id":"CVE-2024-23273","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-30T19:43:36.912Z"}}]}}