{
  "threat_severity" : "Moderate",
  "public_date" : "2024-03-07T00:00:00Z",
  "bugzilla" : {
    "description" : "webkit: maliciously crafted webpage may be able to fingerprint the user",
    "id" : "2270291",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2270291"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
    "status" : "verified"
  },
  "details" : [ "An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.", "A flaw was found in WebKit. This flaw allows remote attackers to bypass security restrictions through an injection issue by persuading a victim to access a specially crafted website, enabling the attackers to fingerprint the user." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-07T00:00:00Z",
    "advisory" : "RHSA-2025:10364",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "webkitgtk4-0:2.48.3-2.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-11-27T00:00:00Z",
    "advisory" : "RHSA-2024:10481",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "webkit2gtk3-0:2.46.3-2.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-10-16T00:00:00Z",
    "advisory" : "RHSA-2024:8180",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "webkit2gtk3-0:2.46.1-2.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-23280\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-23280\nhttps://seclists.org/fulldisclosure/2024/Mar/21" ],
  "name" : "CVE-2024-23280",
  "csaw" : false
}