2236844 – (CVE-2023-27954) CVE-2023-27954 webkitgtk: Website may be able to track sensitive user information

Bug 2236844 (CVE-2023-27954) - CVE-2023-27954 webkitgtk: Website may be able to track sensitive user information

Summary: CVE-2023-27954 webkitgtk: Website may be able to track sensitive user informa...

Keywords:
Status:	NEW
Alias:	CVE-2023-27954
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2236849 2236850 2239376
Blocks:	2236851
TreeView+	depends on / blocked

Reported:	2023-09-01 18:35 UTC by Pedro Sampaio
Modified:	2023-11-14 15:19 UTC (History)
CC List:	3 users (show)
Fixed In Version:	webkitgtk 2.38.6, webkitgtk 2.40.1
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in WebKitGTK. This security issue leads to tracking sensitive user information via a website.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:6535	0	None	None	None	2023-11-07 08:19:03 UTC
Red Hat Product Errata	RHSA-2023:7055	0	None	None	None	2023-11-14 15:19:37 UTC

Description Pedro Sampaio 2023-09-01 18:35:21 UTC

Versions affected: WebKitGTK and WPE WebKit before 2.38.6 and 2.40 branch before 2.40.1.
Impact: A website may be able to track sensitive user information. Description: The issue was addressed by removing origin information.

References:

https://webkitgtk.org/security/WSA-2023-0003.html

Comment 2 Sandipan Roy 2023-09-18 05:11:09 UTC

Created webkitgtk tracking bugs for this issue:

Affects: fedora-all [bug 2239376]

Comment 3 errata-xmlrpc 2023-11-07 08:19:02 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6535 https://access.redhat.com/errata/RHSA-2023:6535

Comment 4 errata-xmlrpc 2023-11-07 08:19:02 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6535 https://access.redhat.com/errata/RHSA-2023:6535

Comment 5 errata-xmlrpc 2023-11-14 15:19:36 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7055 https://access.redhat.com/errata/RHSA-2023:7055

Note You need to log in before you can comment on or make changes to this bug.