CVE-2022-22594

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions WebKitGTK and WPE WebKit versions prior to the fixed version Safari versions prior to 15.3 iOS versions prior to 15.3 iPadOS versions prior to 15.3 watchOS versions prior to 8.4 tvOS versions prior to 15.3 macOS Monterey versions prior to 12.2

Description The issue is related to a cross-origin problem in the IndexDB API, which has been addressed with improved input validation. This problem may allow a remote attacker to gain unauthorized access to protected information. A website may be able to track sensitive user information.

Recommendations For WebKitGTK and WPE WebKit, update to a version that includes the fix for the IndexDB API issue. For Safari, update to version 15.3 or later. For iOS, update to version 15.3 or later. For iPadOS, update to version 15.3 or later. For watchOS, update to version 8.4 or later. For tvOS, update to version 15.3 or later. For macOS Monterey, update to version 12.2 or later. As a temporary workaround, consider restricting access to the IndexDB API until a patch is available.

Exploit

Fix

Information Disclosure

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-346

Related Identifiers

ALSA-2022:1777

BDU:2022-00734

CESA-2022_1777

CVE-2022-22594

DSA-5060-1

DSA-5061-1

OPENSUSE-SU-2022_1431-1

RHSA-2022:1777

RHSA-2022_1777

RHSA-2025:10364

RLSA-2022:1777

SUSE-SU-2022:0690-1

SUSE-SU-2022:0703-1

SUSE-SU-2022:1431-1

SUSE-SU-2022:1511-1

SUSE-SU-2022:1677-1

SUSE-SU-2022_1511-1

SUSE-SU-2022_1677-1

Affected Products

Almalinux

Astra Linux

Centos

Apple Macos

Red Hat

Rocky Linux

Safari

Suse

Wpe Webkit

Webkitgtk

Ios

Ipados

Macos Monterey

Tvos

Watchos

CVE-2022-22594

Weakness Enumeration

Related Identifiers

Affected Products

References · 128