CVE-2023-24069
Published on: Not Yet Published
Last Modified on: 01/26/2023 09:18:00 PM UTC
The following vulnerability was found:
** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
- CVE-2023-24069 has been assigned by
[email protected] to track the vulnerability
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Signal >> Download Signal for Windows | signal.org text/html |
![]() |
John J Hacking | johnjhacking.com text/html |
![]() |
Signal >> Download Signal for Mac | signal.org text/html |
![]() |
Signal >> Download Signal for Linux | signal.org text/html |
![]() |
There are currently no QIDs associated with this CVE
There are no known software configurations (CPEs) currently associated with this CVE
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
Enjoy. Rather than read manic threads thrown all over the place, I've organized it for you - neatly :) johnjhacking.com/blog/cve-2023-… #infosec | 2023-01-23 06:07:35 |
![]() |
CVE-2023-24069 : Signal Desktop before 6.2.0 on #Windows, #Linux, and macOS allows an attacker to obtain potentiall… twitter.com/i/web/status/1… | 2023-01-23 07:06:00 |
![]() |
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage #research #messanger… twitter.com/i/web/status/1… | 2023-01-23 11:13:31 |
![]() |
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage | 2023-01-24 14:40:53 |
![]() |
Signal Client v6.2 and earlier versions vulnerable to CVE-2023–24068 & CVE-2023–24069 | 2023-01-24 07:51:28 |
![]() |
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage | 2023-01-24 07:38:50 |
![]() |
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage | 2023-01-24 07:37:46 |
![]() |
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage | 2023-01-24 19:37:59 |