
5 matches found

Hacker One
added 2025/01/20 4:46 p.m., 1123 views

U.S. Dept Of Defense: Applicant security exam Attachments/Documents accessible through an IDOR/BAC on the custom Apex controller on https://█████.mil

The applicant security exam contained an Insecure Direct Object Reference (IDOR) vulnerability on the custom Apex controller on the https://█████.mil portal. The vulnerability allowed an attacker to switch the ownership of any Attachment record and access the files, which contained sensitive...

6.7 AI score
Exploits: 0

OSV
added 2023/01/23 7:15 a.m., 2 views

CVE-2023-24069

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker ca...

3.3 CVSS, 7.2 AI score, 0.0015 EPSS
Exploits: 2, References: 4

Prion
added 2023/01/23 7:15 a.m., 10 views

Arbitrary file deletion

DISPUTED Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an...

1.7 CVSS, 3.8 AI score, 0.0015 EPSS
Exploits: 2, References: 4, Affected Software: 1

CNNVD
added 2023/01/23 12:0 a.m., 2 views

Signal Desktop security vulnerability

Signal Desktop is a desktop version of a live chat application with encryption. A security vulnerability exists in Signal Desktop versions prior to 6.2.0. An attacker can exploit the vulnerability to obtain sensitive attachments in the attachments.noindex directory...

3.3 CVSS, 5.9 AI score, 0.00126 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2023/01/23 12:0 a.m., 12 views

CVE-2023-24069

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker ca...

6.3 AI score, 0.0015 EPSS
Exploits: 2, References: 4