Lucene search

GoogleOSV:CVE-2022-43673

HistoryNov 18, 2022 - 8:15 p.m.

CVE-2022-43673

2022-11-1820:15:10

Google

osv.dev

wire

windows

deletion

messages

appdata

indexeddb

database

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.9%

JSON

Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database.

CPENameOperatorVersion
wire-desktopeqwindows/3.7.2917
wire-desktopeqrelease/2.11.2661
wire-desktopeqrelease/2.9.2648
wire-desktopeqrelease/3.1.2822
wire-desktopeqrelease/3.4.2883
wire-desktopeqrelease/2.11.2660
wire-desktopeqrelease/2.11.2721
wire-desktopeqrelease/2.13.2737
wire-desktopeqrelease/2.11.2718
wire-desktopeqrelease/2.11.2680

Name	Operator	Version
wire-desktop	eq	windows/3.7.2917
wire-desktop	eq	release/2.11.2661
wire-desktop	eq	release/2.9.2648
wire-desktop	eq	release/3.1.2822
wire-desktop	eq	release/3.4.2883
wire-desktop	eq	release/2.11.2660
wire-desktop	eq	release/2.11.2721
wire-desktop	eq	release/2.13.2737
wire-desktop	eq	release/2.11.2718
wire-desktop	eq	release/2.11.2680

Rows per page:

1-10 of 1701

References

wire.com/

www.secuvera.de/advisories/secuvera-SA-2022-01.txt

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.9%

JSON

Related for OSV:CVE-2022-43673