CVE-2024-40794 - Vulnerability Details

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Ipados Iphone Os Macos Safari

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Jul/15
http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/18
https://nvd.nist.gov/vuln/detail/CVE-2024-40794
https://support.apple.com/en-us/HT214117
https://support.apple.com/en-us/HT214119
https://support.apple.com/en-us/HT214121
https://www.cve.org/CVERecord?id=CVE-2024-40794

History

Fri, 14 Mar 2025 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-287

Thu, 13 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 23 Aug 2024 15:45:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:apple:safari::::::::	cpe:2.3:a:apple:safari::::::::

Fri, 23 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os Apple macos Apple safari
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:safari::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os Apple macos Apple safari
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-07-29T22:17:20.010Z

Updated: 2025-03-14T18:21:02.523Z

Reserved: 2024-07-10T17:11:04.690Z

Link: CVE-2024-40794

Vulnrichment

Updated: 2024-08-02T04:39:54.874Z

NVD

Status : Modified

Published: 2024-07-29T23:15:12.410

Modified: 2025-03-14T19:15:46.877

Link: CVE-2024-40794

Redhat

Severity : Important

Publid Date: 2024-07-29T00:00:00Z

Links: CVE-2024-40794 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object