CVE-2023-24069

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/	Exploit Third Party Advisory
https://signal.org/download/linux	Product Vendor Advisory
https://signal.org/download/macos	Product Vendor Advisory
https://signal.org/en/download/windows	Product Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

21 Mar 2024, 02:46

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-01-23 07:15

Updated : 2024-04-11 01:18

NVD link : CVE-2023-24069

Mitre link : CVE-2023-24069

CVE.ORG link : CVE-2023-24069

JSON object : View

Products Affected

apple

macos

linux

linux_kernel

microsoft

windows

signal

signal-desktop

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-24069", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2023-01-23T07:15:11.137", "references": [{"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://signal.org/download/linux", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://signal.org/download/macos", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://signal.org/en/download/windows", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."}, {"lang": "es", "value": "Signal Desktop anterior a 6.2.0 en Windows, Linux y macOS permite a un atacante obtener archivos adjuntos potencialmente confidenciales enviados en mensajes desde el directorio attachments.noindex. Los archivos adjuntos almacenados en cach\u00e9 no se borran de manera efectiva. En algunos casos, incluso despu\u00e9s de la eliminaci\u00f3n de un archivo por iniciativa propia, un atacante a\u00fan puede recuperar el archivo si ya se le respondi\u00f3 en una conversaci\u00f3n. (El atacante necesita acceso al sistema de archivos local). NOTA: el proveedor cuestiona la relevancia de este hallazgo porque el producto no est\u00e1 destinado a proteger contra adversarios con este grado de acceso local."}], "lastModified": "2024-04-11T01:18:59.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C74B8BD8-C2D0-4E46-B228-97E539D033AD", "versionEndIncluding": "6.2.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}