#VU61333 Information disclosure in WebKitGTK+ - CVE-2022-22662

Cybersecurity Help s.r.o.

Published: 2022-03-14 | Updated: 2022-07-05

Vulnerability identifier: #VU61333

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-22662

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
WebKitGTK+
Server applications / Frameworks for developing and running applications

Vendor: WebKitGTK

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a cookie management issue in WebKit. A remote attacker can trick the victim to open a specially crafted webpage and gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: All versions

External links
https://support.apple.com/en-us/HT213183

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Migration Toolkit for Virtualization 2.4

Multiple vulnerabilities in Secondary Scheduler Operator for Red Hat OpenShift

Multiple vulnerabilities in OpenShift API for Data Protection (OADP) 1.1

Multiple vulnerabilities in Red Hat Migration Toolkit for Applications

Multiple vulnerabilities in OpenShift Developer Tools and Services

Red Hat Advanced Cluster Management for Kubernetes 2.6 update for Submariner

Multiple vulnerabilities in OpenShift Serverless

Multiple vulnerabilities in Submariner

Multiple vulnerabilities in Red Hat OpenShift Service Mesh 2.3

Multiple vulnerabilities in Migration Toolkit for Runtimes