14 matches found
CVE-2022-23605
Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible...
EUVD-2022-28575
Malicious code in bioql PyPI...
EUVD-2023-34248
Malicious code in bioql PyPI...
EUVD-2024-42149
Malicious code in bioql PyPI...
CVE-2024-46936
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose...
CVE-2024-46936
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose...
PT-2024-32287 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions 6.12.0 through 6.7.8 and before Description: The issue allows attackers to abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose, leading to a message forgery and impersonatio...
CVE-2024-46936
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose...
CVE-2024-46936
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose...
CVE-2023-2792 Ephemeral messages return private channel contents in permalink previews
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command...
Design/Logic Flaw
Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible...
CVE-2022-23605 Expired Ephemeral Messages not reliably removed in wire-webapp
Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible...
CVE-2022-23605
CVE-2022-23605 affects Wire Webapp: expired ephemeral messages were not reliably removed from local chat history and, in affected versions prior to 2022-01-27-production.0, ephemeral messages/assets could be accessible via the local search function. Viewing a message in chat view triggers deletio...
CVE-2022-23605 Expired Ephemeral Messages not reliably removed in wire-webapp
Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible...