CVE-2024-38272

There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file dialog on QuickShare Windows. Normally in QuickShare Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quickshare or above

CVSS

No CVSS.

References

Link	Resource
https://github.com/google/nearby/pull/2402
https://github.com/google/nearby/pull/2589

Configurations

No configuration.

History

27 Jun 2024, 12:47

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad en Quickshare/Nearby donde un atacante puede omitir el cuadro de diálogo de aceptación de archivos en QuickShare Windows. Normalmente, en la aplicación QuickShare para Windows no podemos enviar un archivo sin que el usuario lo acepte desde el dispositivo receptor si la visibilidad está configurada en el modo todos o el modo contactos. Recomendamos actualizar a la versión 1.0.1724.0 de Quickshare o superior

26 Jun 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-26 16:15

Updated : 2024-06-27 12:47

NVD link : CVE-2024-38272

Mitre link : CVE-2024-38272

CVE.ORG link : CVE-2024-38272

JSON object : View

Products Affected

No product.

CWE

CWE-294

Authentication Bypass by Capture-replay

JSON object

Attach tags to CVE-2024-38272

Attach tags to `CVE-2024-38272`