CVE-2021-30888

Advisory lineage Upstream: 0 Downstream: 11
Modified
Published: 24 Aug 2021, 18:49
Last modified:03 Aug 2024, 22:48

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.4 HIGH
v3.1 (nvd)
EPSS Score
0.22% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

24 Aug 2021, 18:49
Published
Vulnerability first disclosed
03 Aug 2024, 22:48
Last Modified
Vulnerability information updated

Description

An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior .

CVSS Metrics

  • v3.1HIGHScore: 7.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
  • v2.0MEDIUMScore: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.22% Percentile: 44%

Techniques & Countermeasures

  • CWE-601URL Redirection to Untrusted Site ('Open Redirect')

    The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Affected Systems

  • appleios and ipados

    ≥ unspecified, < 15.1 | ≥ unspecified, < 14.8

  • appleipad_os

    < 14.8.1

  • appleipados

    15.0

  • appleiphone_os

    < 14.8.1 | 15.0

  • applemacos

    < 12.0.1 | ≥ unspecified, < 12.0 | ≥ unspecified, < 8.1 | ≥ unspecified, < 15.1

  • appletvos

    < 15.1

  • applewatchos

    < 8.1

References (6)