{
  "threat_severity" : "Moderate",
  "public_date" : "2024-01-22T00:00:00Z",
  "bugzilla" : {
    "description" : "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
    "id" : "2269743",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
    "status" : "draft"
  },
  "details" : [ "An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A maliciously crafted webpage may be able to fingerprint the user.", "A vulnerability was found in WebKitGTK. This flaw allows a remote attacker to bypass the security restriction by using a specially crafted malicious website to fingerprint the victim." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk4",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "webkit2gtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "webkit2gtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-23206\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-23206\nhttps://webkitgtk.org/security/WSA-2024-0001.html" ],
  "name" : "CVE-2024-23206",
  "csaw" : false
}