Skip to main content

Insecure Storage of Sensitive Information

CVE-2019-8790

Severity Medium
Score 5.5/10

Summary

This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-922 - Insecure Storage of Sensitive Information

The software stores sensitive information without properly limiting read or write access by unauthorized actors.

References

Advisory Timeline

  • Published