Lucene search

[email protected]CVE-2023-24069

HistoryJan 23, 2023 - 7:15 a.m.

CVE-2023-24069

2023-01-2307:15:11

[email protected]

web.nvd.nist.gov

cve-2023-24069

signal desktop

vulnerability

local access

sensitive data

file recovery

nvd

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.8 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.

Affected configurations

NVD

Node

signalsignal-desktopRange≤6.2.0

AND

applemacosMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

CPENameOperatorVersion
signal:signal-desktopsignal signal-desktople6.2.0

CPE	Name	Operator	Version
signal:signal-desktop	signal signal-desktop	le	6.2.0

References

johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/

signal.org/download/linux

signal.org/download/macos

signal.org/en/download/windows

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.8 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for CVE-2023-24069

prion1 vulnrichment1 nvd1 cvelist1