CVE-2022-32786

MEDIUM

macOS - Unprotected User Data Exposure via Environment Variable Handling

Title source: llm
STIX 2.1

Description

An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213345
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213344
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213343

Scores

CVSS v3 5.5
EPSS 0.0010
EPSS Percentile 27.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (3)
apple/mac_os_x 10.15.7 security_update_2020-001 (12 CPE variants)
apple/macos 10.15.7 (2 CPE variants)
apple/macos < 10.15.7
Published Sep 23, 2022
Tracked Since Feb 18, 2026