3 matches found
CVE-2020-4045
SSB-DB version 20.0.0 has an information disclosure vulnerability. The get method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which ...
CVE-2020-4045
SSB-DB version 20.0.0 has an information disclosure vulnerability. The get method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which ...
CVE-2020-4045
SSB-DB 20.0.0 contains an information-disclosure vulnerability in the get() method that can decrypt any decryptable message and return private data. The issue affects peers with private messages, and exploitation is tied to SSB-OOO (default in SSB-Server), which exposes a wrapper around get() to ...