CVE-2023-24069 - OpenCVE

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Signal	Signal-desktop
Microsoft	Windows
Apple	Macos

Configuration 1 [-]

AND

cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

References

Link	Resource
https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/	Exploit Third Party Advisory
https://signal.org/download/linux	Product Vendor Advisory
https://signal.org/download/macos	Product Vendor Advisory
https://signal.org/en/download/windows	Product Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-01-23T00:00:00

Updated: 2024-06-04T17:21:25.149Z

Reserved: 2023-01-23T00:00:00

Link: CVE-2023-24069

JSON object: View

NVD Information

Status : Modified

Published: 2023-01-23T07:15:11.137

Modified: 2024-06-04T19:17:23.460

Link: CVE-2023-24069

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-24069", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-06-04T17:21:25.149Z", "dateReserved": "2023-01-23T00:00:00", "datePublished": "2023-01-23T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-01-24T00:00:00"}, "descriptions": [{"lang": "en", "value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://signal.org/en/download/windows"}, {"url": "https://signal.org/download/macos"}, {"url": "https://signal.org/download/linux"}, {"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-24069", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-01T15:22:50.145630Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*"], "vendor": "signal", "product": "signal-desktop", "versions": [{"status": "affected", "version": "6.2.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:21:25.149Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "C74B8BD8-C2D0-4E46-B228-97E539D033AD", "versionEndIncluding": "6.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."}, {"lang": "es", "value": "Signal Desktop anterior a 6.2.0 en Windows, Linux y macOS permite a un atacante obtener archivos adjuntos potencialmente confidenciales enviados en mensajes desde el directorio attachments.noindex. Los archivos adjuntos almacenados en cach\u00e9 no se borran de manera efectiva. En algunos casos, incluso despu\u00e9s de la eliminaci\u00f3n de un archivo por iniciativa propia, un atacante a\u00fan puede recuperar el archivo si ya se le respondi\u00f3 en una conversaci\u00f3n. (El atacante necesita acceso al sistema de archivos local). NOTA: el proveedor cuestiona la relevancia de este hallazgo porque el producto no est\u00e1 destinado a proteger contra adversarios con este grado de acceso local."}], "id": "CVE-2023-24069", "lastModified": "2024-06-04T19:17:23.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-23T07:15:11.137", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://signal.org/download/linux"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://signal.org/download/macos"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://signal.org/en/download/windows"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}