CVE Vulnerability

CVE-2019-8790

This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.apple.com/en-us/HT210647 Release Notes Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:apple:swift:*:*:*:*:*:ubuntu:*:*
Information

Published : 2020-10-27 08:15

Updated : 2020-11-03 03:03

NVD link : CVE-2019-8790

Mitre link : CVE-2019-8790

Products Affected
No products.
CWE
CWE-922