CVE-2023-24069 - OpenCVE

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Macos
Linux	Linux Kernel
Microsoft	Windows
Signal	Signal-desktop

Configuration 1 [-]

AND

cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

References

Link	Providers
https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/
https://signal.org/download/linux
https://signal.org/download/macos
https://signal.org/en/download/windows

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-01-23T00:00:00

Updated: 2024-08-02T10:49:09.028Z

Reserved: 2023-01-23T00:00:00

Link: CVE-2023-24069

Vulnrichment

Updated: 2024-08-02T10:49:09.028Z

NVD

Status : Modified

Published: 2023-01-23T07:15:11.137

Modified: 2024-08-02T11:16:10.287

Link: CVE-2023-24069

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-24069", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T10:49:09.028Z", "dateReserved": "2023-01-23T00:00:00", "datePublished": "2023-01-23T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-01-24T00:00:00"}, "descriptions": [{"lang": "en", "value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://signal.org/en/download/windows"}, {"url": "https://signal.org/download/macos"}, {"url": "https://signal.org/download/linux"}, {"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-24069", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-01T15:22:50.145630Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*"], "vendor": "signal", "product": "signal-desktop", "versions": [{"status": "affected", "version": "6.2.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:21:25.149Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:49:09.028Z"}, "title": "CVE Program Container", "references": [{"url": "https://signal.org/en/download/windows", "tags": ["x_transferred"]}, {"url": "https://signal.org/download/macos", "tags": ["x_transferred"]}, {"url": "https://signal.org/download/linux", "tags": ["x_transferred"]}, {"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://signal.org/en/download/windows", "tags": ["x_transferred"]}, {"url": "https://signal.org/download/macos", "tags": ["x_transferred"]}, {"url": "https://signal.org/download/linux", "tags": ["x_transferred"]}, {"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:49:09.028Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-24069", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-01T15:22:50.145630Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*"], "vendor": "signal", "product": "signal-desktop", "versions": [{"status": "affected", "version": "6.2.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-01T15:25:44.104Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://signal.org/en/download/windows"}, {"url": "https://signal.org/download/macos"}, {"url": "https://signal.org/download/linux"}, {"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"}], "descriptions": [{"lang": "en", "value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-01-24T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-24069", "state": "PUBLISHED", "dateUpdated": "2024-08-02T10:49:09.028Z", "dateReserved": "2023-01-23T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-01-23T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "C74B8BD8-C2D0-4E46-B228-97E539D033AD", "versionEndIncluding": "6.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."}, {"lang": "es", "value": "Signal Desktop anterior a 6.2.0 en Windows, Linux y macOS permite a un atacante obtener archivos adjuntos potencialmente confidenciales enviados en mensajes desde el directorio attachments.noindex. Los archivos adjuntos almacenados en cach\u00e9 no se borran de manera efectiva. En algunos casos, incluso despu\u00e9s de la eliminaci\u00f3n de un archivo por iniciativa propia, un atacante a\u00fan puede recuperar el archivo si ya se le respondi\u00f3 en una conversaci\u00f3n. (El atacante necesita acceso al sistema de archivos local). NOTA: el proveedor cuestiona la relevancia de este hallazgo porque el producto no est\u00e1 destinado a proteger contra adversarios con este grado de acceso local."}], "id": "CVE-2023-24069", "lastModified": "2024-08-02T11:16:10.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-23T07:15:11.137", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://signal.org/download/linux"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://signal.org/download/macos"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://signal.org/en/download/windows"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}