Bug 1088011 - (CVE-2017-2493) VUL-0: CVE-2017-2493: webkit2gtk3: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves th
Status: RESOLVED NORESPONSE
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Scott Reeves
Security Team bot
https://smash.suse.de/issue/203041/
CVSSv3:SUSE:CVE-2017-2493:4.3:(AV:N/A...
Reported: 2018-04-04 06:39 UTC by Marcus Meissner
Modified: 2018-04-20 22:37 UTC
Found By: Security Response Team
Description Marcus Meissner 2018-04-04 06:39:55 UTC
CVE-2017-2493

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted elements on a web site.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2493
Comment 1 Marcus Meissner 2018-04-04 06:41:14 UTC
(as not much more info is available this is hard to match)
Comment 2 Scott Reeves 2018-04-19 16:40:13 UTC
Hi Marcus - this CVE is still marked as "awaiting analysis" and following the references really gives no indication where exactly the vulnerability lies. Do you have an idea on how you want me to move forward with this?  Can we downgrade it, or assign to the security team for holding until some more info becomes available, or ... ?
Comment 3 Marcus Meissner 2018-04-20 12:09:48 UTC
as we do not know more I would say we need to close the bug.

If a webkit2gtk3 update contains it, it will get referenced.