Keybase 信息泄露漏洞

Keybase is a PGP-based social networking platform that supports end-to-end encryption. keybase is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to disclose sensitive information that should be removed from a user's file system...

PT-2022-15670 · Keybase · Keybase Client

Name of the Vulnerable Software and Affected Versions: Keybase Clients for macOS and Windows versions prior to 5.9.0 Description: The issue arises when a user initiates exploded messages, and the receiving user switches to a non-chat feature, putting the host in a sleep state before the messages...

CVE-2022-22779

The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to...

CVE-2021-34426

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to...

CVE-2021-34426

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to...

Command injection

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to...

CVE-2021-34426 Arbitrary command execution in Keybase Client for Windows

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to...

CVE-2021-34426

Affected product: Keybase Client for Windows. Vulnerable in versions before 5.6.0 when a user runs the command “keybase git lfs-config” on the command line. A malicious actor with write access to a user’s Git repository could potentially execute arbitrary Windows commands on the user’s local syst...

Keybase 安全漏洞

Keybase is a social networking platform that supports end-to-end encryption based on PGP technology. A security vulnerability in the Windows version of the Keybase client prior to version 5.6.0 can be exploited by malicious actors with write access to a user's Git repository to execute arbitrary...

Vulnerabilities fixed in Zoom

Zoom has fixed several vulnerabilities in the Zoom client and connector. A malicious party could potentially exploit them to cause a denial-of-service, to execute arbitrary code with user privileges, or to gain access to sensitive data. The most serious vulnerability is in the windows client, in...

Keybase path traversal vulnerability

Keybase is a PGP technology-based social networking platform that supports end-to-end encryption.Keybase Client for Windows prior to version 5.7.0 is vulnerable to a path traversal vulnerability that stems from a networked system or product failing to properly filter special elements in a resourc...

Keybase Information Disclosure Vulnerability

Keybase is a social networking platform based on PGP technology that supports end-to-end encryption.An information disclosure vulnerability exists in Keybase Client for Android before version 5.8.0 and Keybase Client for iOS before version 5.8.0, which stems from the client's inability to properl...

CVE-2021-34422

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application whi...

CVE-2021-34422

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application whi...

CVE-2021-34421

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to...

CVE-2021-34421

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to...

Design/Logic Flaw

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to...

Path traversal

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application whi...

CVE-2021-34421

The CVE-2021-34421 issue affects the Keybase Client for Android and iOS prior to version 5.8.0. The root cause is a failure to properly remove “exploded” messages when the recipient places the chat session in the background while the sender explodes messages, potentially leading to disclosure of ...

CVE-2021-34421 Retained exploded messages in Keybase Clients for Android and iOS

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to...