CVE-2023-24069
Published on: Not Yet Published
Last Modified on: 02/02/2023 02:12:00 PM UTC
Certain versions of macOS from Apple contain the following vulnerability:
** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
- CVE-2023-24069 has been assigned by [email protected] to track the vulnerability - currently rated as LOW severity.
CVSS3 Score: 3.3 - LOW
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
LOCAL | LOW | LOW | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | LOW | NONE | NONE |
CVE References
Description | Tags |
---|---|
Signal >> Download Signal for Windows | signal.org text/html |
John J Hacking | johnjhacking.com text/html |
Signal >> Download Signal for Mac | signal.org text/html |
Signal >> Download Signal for Linux | signal.org text/html |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Apple | Macos | - | All | All | All |
Operating System | Linux | Linux Kernel | - | All | All | All |
Operating System | Microsoft | Windows | - | All | All | All |
Application | Signal | Signal-desktop | All | All | All | All |
- cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
- cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE
Social Mentions
Title | Posted (UTC) |
---|---|
Enjoy. Rather than read manic threads thrown all over the place, I've organized it for you - neatly :) johnjhacking.com/blog/cve-2023-… #infosec | 2023-01-23 06:07:35 |
CVE-2023-24069 : Signal Desktop before 6.2.0 on #Windows, #Linux, and macOS allows an attacker to obtain potentiall… twitter.com/i/web/status/1… | 2023-01-23 07:06:00 |
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage #research #messanger… twitter.com/i/web/status/1… | 2023-01-23 11:13:31 |
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage | 2023-01-24 14:40:53 |
Signal Client v6.2 and earlier versions vulnerable to CVE-2023–24068 & CVE-2023–24069 | 2023-01-24 07:51:28 |
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage | 2023-01-24 07:38:50 |
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage | 2023-01-24 07:37:46 |
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage | 2023-01-24 19:37:59 |