Vulnerabilites related to signal - signal-desktop
cve-2023-24068
Vulnerability from cvelistv5
Published
2023-01-23 00:00
Modified
2024-08-22 14:50
Severity ?
EPSS score ?
Summary
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:49:08.961Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://signal.org/en/download/windows", }, { tags: [ "x_transferred", ], url: "https://signal.org/download/macos", }, { tags: [ "x_transferred", ], url: "https://signal.org/download/linux", }, { tags: [ "x_transferred", ], url: "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "signal-desktop", vendor: "signal", versions: [ { lessThan: "6.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-24068", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-16T14:37:21.248850Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-22T14:50:55.598Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-24T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://signal.org/en/download/windows", }, { url: "https://signal.org/download/macos", }, { url: "https://signal.org/download/linux", }, { url: "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-24068", datePublished: "2023-01-23T00:00:00", dateReserved: "2023-01-23T00:00:00", dateUpdated: "2024-08-22T14:50:55.598Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10994
Vulnerability from cvelistv5
Published
2018-05-14 23:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://twitter.com/ortegaalfredo/status/995940738839056384 | x_refsource_MISC | |
| https://twitter.com/bcrypt/status/995057030304952320 | x_refsource_MISC | |
| https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1 | x_refsource_MISC | |
| https://twitter.com/lorenzoFB/status/995048605399633926 | x_refsource_MISC | |
| https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.117Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://twitter.com/ortegaalfredo/status/995940738839056384", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://twitter.com/bcrypt/status/995057030304952320", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://twitter.com/lorenzoFB/status/995048605399633926", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-14T23:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://twitter.com/ortegaalfredo/status/995940738839056384", }, { tags: [ "x_refsource_MISC", ], url: "https://twitter.com/bcrypt/status/995057030304952320", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1", }, { tags: [ "x_refsource_MISC", ], url: "https://twitter.com/lorenzoFB/status/995048605399633926", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-10994", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://twitter.com/ortegaalfredo/status/995940738839056384", refsource: "MISC", url: "https://twitter.com/ortegaalfredo/status/995940738839056384", }, { name: "https://twitter.com/bcrypt/status/995057030304952320", refsource: "MISC", url: "https://twitter.com/bcrypt/status/995057030304952320", }, { name: "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1", refsource: "MISC", url: "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1", }, { name: "https://twitter.com/lorenzoFB/status/995048605399633926", refsource: "MISC", url: "https://twitter.com/lorenzoFB/status/995048605399633926", }, { name: "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea", refsource: "MISC", url: "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-10994", datePublished: "2018-05-14T23:00:00", dateReserved: "2018-05-11T00:00:00", dateUpdated: "2024-08-05T07:54:36.117Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19954
Vulnerability from cvelistv5
Published
2019-12-24 14:07
Modified
2024-08-05 02:32
Severity ?
EPSS score ?
Summary
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/ | x_refsource_MISC | |
| https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:32:10.064Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\\node_modules\\.bin\\wmic.exe file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-24T14:07:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19954", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\\node_modules\\.bin\\wmic.exe file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/", refsource: "MISC", url: "https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/", }, { name: "https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688", refsource: "MISC", url: "https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19954", datePublished: "2019-12-24T14:07:20", dateReserved: "2019-12-24T00:00:00", dateUpdated: "2024-08-05T02:32:10.064Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14023
Vulnerability from cvelistv5
Published
2018-08-20 22:00
Modified
2024-08-05 09:21
Severity ?
EPSS score ?
Summary
Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
References
| ▼ | URL | Tags |
|---|---|---|
| http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1 | x_refsource_MISC | |
| https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:21:40.640Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-08-17T00:00:00", descriptions: [ { lang: "en", value: "Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-20T21:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1", }, { tags: [ "x_refsource_MISC", ], url: "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14023", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1", refsource: "MISC", url: "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1", }, { name: "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop", refsource: "MISC", url: "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14023", datePublished: "2018-08-20T22:00:00", dateReserved: "2018-07-12T00:00:00", dateUpdated: "2024-08-05T09:21:40.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24069
Vulnerability from cvelistv5
Published
2023-01-23 00:00
Modified
2024-08-02 10:49
Severity ?
EPSS score ?
Summary
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "signal-desktop", vendor: "signal", versions: [ { status: "affected", version: "6.2.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-24069", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-01T15:22:50.145630Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:21:25.149Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T10:49:09.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://signal.org/en/download/windows", }, { tags: [ "x_transferred", ], url: "https://signal.org/download/macos", }, { tags: [ "x_transferred", ], url: "https://signal.org/download/linux", }, { tags: [ "x_transferred", ], url: "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-24T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://signal.org/en/download/windows", }, { url: "https://signal.org/download/macos", }, { url: "https://signal.org/download/linux", }, { url: "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-24069", datePublished: "2023-01-23T00:00:00", dateReserved: "2023-01-23T00:00:00", dateUpdated: "2024-08-02T10:49:09.028Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-11101
Vulnerability from cvelistv5
Published
2018-05-17 19:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: <IFRAME src=\\DESKTOP-XXXXX\Temp\test.html> and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn't matter).
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/May/46 | mailing-list, x_refsource_FULLDISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.547Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20180516 CVE-2018-11101: Signal-desktop HTML tag injection variant 2", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2018/May/46", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-05-16T00:00:00", descriptions: [ { lang: "en", value: "Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: <IFRAME src=\\\\DESKTOP-XXXXX\\Temp\\test.html> and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn't matter).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-18T04:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20180516 CVE-2018-11101: Signal-desktop HTML tag injection variant 2", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2018/May/46", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-11101", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: <IFRAME src=\\\\DESKTOP-XXXXX\\Temp\\test.html> and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn't matter).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20180516 CVE-2018-11101: Signal-desktop HTML tag injection variant 2", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2018/May/46", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-11101", datePublished: "2018-05-17T19:00:00", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-08-05T07:54:36.547Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-9970
Vulnerability from cvelistv5
Published
2019-03-24 01:52
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/107550 | vdb-entry, x_refsource_BID | |
| https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:10:08.403Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "107550", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107550", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-25T19:14:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "107550", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107550", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-9970", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "107550", refsource: "BID", url: "http://www.securityfocus.com/bid/107550", }, { name: "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt", refsource: "MISC", url: "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-9970", datePublished: "2019-03-24T01:52:33", dateReserved: "2019-03-23T00:00:00", dateUpdated: "2024-08-04T22:10:08.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2018-08-20 22:29
Modified
2024-11-21 03:48
Severity ?
Summary
Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | signal-desktop | * | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*", matchCriteriaId: "7CF97006-2E19-41A6-8D2C-A0BF54466EAA", versionEndExcluding: "1.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:signal:signal-desktop:1.15.0:beta1:*:*:*:*:*:*", matchCriteriaId: "A2F1A0A8-1954-49BC-A0BF-C4498CD729A2", vulnerable: true, }, { criteria: "cpe:2.3:a:signal:signal-desktop:1.15.0:beta2:*:*:*:*:*:*", matchCriteriaId: "F00DF096-E0BC-4366-A8CF-E60D7F6723EE", vulnerable: true, }, { criteria: "cpe:2.3:a:signal:signal-desktop:1.15.0:beta3:*:*:*:*:*:*", matchCriteriaId: "5EE4A9DE-9B97-4DC8-AFB5-1A0D551863FD", vulnerable: true, }, { criteria: "cpe:2.3:a:signal:signal-desktop:1.15.0:beta4:*:*:*:*:*:*", matchCriteriaId: "074AC7B0-385E-4F86-AD25-E7705406DB83", vulnerable: true, }, { criteria: "cpe:2.3:a:signal:signal-desktop:1.15.0:beta5:*:*:*:*:*:*", matchCriteriaId: "000FBDC6-134C-43F6-99E9-5801D21B7164", vulnerable: true, }, { criteria: "cpe:2.3:a:signal:signal-desktop:1.15.0:beta6:*:*:*:*:*:*", matchCriteriaId: "572A56BF-E4B6-4A0D-9FB0-344F092AC2E9", vulnerable: true, }, { criteria: "cpe:2.3:a:signal:signal-desktop:1.15.0:beta7:*:*:*:*:*:*", matchCriteriaId: "E7412528-7CC9-4ABE-AF4C-AC454BDA1A98", vulnerable: true, }, { criteria: "cpe:2.3:a:signal:signal-desktop:1.15.0:beta8:*:*:*:*:*:*", matchCriteriaId: "E813DD37-1940-4956-8805-6DD9A348ED05", vulnerable: true, }, { criteria: "cpe:2.3:a:signal:signal-desktop:1.15.0:beta9:*:*:*:*:*:*", matchCriteriaId: "96133F0B-752B-4872-A7A4-533EE7A8C5FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.", }, { lang: "es", value: "Open Whisper Signal (también conocido como Signal-Desktop) en versiones anteriores a la 1.15.0-beta.10 permite la fuga de información.", }, ], id: "CVE-2018-14023", lastModified: "2024-11-21T03:48:27.720", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-20T22:29:00.483", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 19:29
Modified
2024-11-21 03:42
Severity ?
Summary
Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: <IFRAME src=\\DESKTOP-XXXXX\Temp\test.html> and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn't matter).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2018/May/46 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/May/46 | Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | signal-desktop | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*", matchCriteriaId: "4595B8BE-95ED-4A15-BA6E-AC6D41D9FD85", versionEndIncluding: "1.10.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: <IFRAME src=\\\\DESKTOP-XXXXX\\Temp\\test.html> and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn't matter).", }, { lang: "es", value: "Open Whisper Signal (también conocido como Signal-Desktop) hasta la versión 1.10.1 permite Cross-Site Scripting (XSS) mediante una localización de recurso especificada en un atributo de un elemento SCRIPT, IFRAME o IMG, lo que conduce a la ejecución de JavaScript tras una respuesta. Esta vulnerabilidad es diferente de CVE-2018-10994. El atacante necesita enviar código HTML directamente como mensaje y, después, responder a ese mensaje para desencadenar esta vulnerabilidad. El software Signal-Desktop no sanea los elementos HTML especiales que se pueden utilizar para inyectar código HTML en las ventanas de chat remoto al responder a un mensaje HTML. Específicamente, los elementos IMG e IFRAME pueden emplearse para incluir recursos remotos o locales. Por ejemplo, el uso de un elemento IFRAME habilita la ejecución de código total, lo que permite que un atacante descargue/suba archivos, información, etc. Se ha descubierto que el elemento SCRIPT también es inyectable. En el sistema operativo de Windows, CSP no evita la inclusión de recursos mediante el protocolo SMB. En este caso, la ejecución remota de JavaScript puede lograrse referenciando el script en una compartición SMB en un elemento IFRAME, por ejemplo: >IFRAME src=\\\\DESKTOP-XXXXX\\Temp\\test.html> y después contestando. El código JavaScript incluido se ejecuta de forma automática, sin que se necesite interacción por parte del usuario. La vulnerabilidad puede desencadenarse en el cliente Signal-Desktop mediante el envío de un mensaje especialmente manipulado y, después, contestando con cualquier texto o contenido en la respuesta (no importa).", }, ], id: "CVE-2018-11101", lastModified: "2024-11-21T03:42:41.003", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T19:29:00.557", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/May/46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/May/46", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-14 23:29
Modified
2024-11-21 03:42
Severity ?
Summary
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | signal-desktop | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*", matchCriteriaId: "23C19769-6E5A-4095-A4F9-66A8D35680D5", versionEndExcluding: "1.10.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.", }, { lang: "es", value: "js/views/message_view.js en Open Whisper Signal (también conocido como Signal-Desktop) en versiones anteriores a la 1.10.1 permite Cross-Site Scripting (XSS) mediante una URL.", }, ], id: "CVE-2018-10994", lastModified: "2024-11-21T03:42:27.323", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-14T23:29:00.250", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://twitter.com/bcrypt/status/995057030304952320", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://twitter.com/lorenzoFB/status/995048605399633926", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://twitter.com/ortegaalfredo/status/995940738839056384", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://twitter.com/bcrypt/status/995057030304952320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://twitter.com/lorenzoFB/status/995048605399633926", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://twitter.com/ortegaalfredo/status/995940738839056384", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-24 02:29
Modified
2024-11-21 04:52
Severity ?
Summary
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107550 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107550 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | private_messenger | * | |
| signal | signal-desktop | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:signal:private_messenger:*:*:*:*:*:android:*:*", matchCriteriaId: "62886A5F-FA19-4E16-8E1E-195302310554", versionEndIncluding: "4.35.3", vulnerable: true, }, { criteria: "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*", matchCriteriaId: "F7AB79BE-52F8-409C-99FA-BB273862CDB4", versionEndIncluding: "1.23.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.", }, { lang: "es", value: "Open Whisper Signal (también conocido como Signal-Desktop) hasta la versión 1.23.1, así como la aplicación Signal Private Messenger hasta la versión 4.35.3 para Android, son vulnerables a un ataque homógrafo IDN al mostrar mensajes que contienen URL. Esto ocurre debido a que la aplicación produce un enlace clicable incluso si, por ejemplo, existen caracteres latinos y cirílicos en el mismo nombre de dominio y la fuente disponible tiene una representación idéntica de caracteres de diferentes alfabetos.", }, ], id: "CVE-2019-9970", lastModified: "2024-11-21T04:52:42.287", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-24T02:29:00.670", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107550", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107550", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-24 15:15
Modified
2024-11-21 04:35
Severity ?
Summary
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | signal-desktop | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*", matchCriteriaId: "6DAC6F28-25F4-44BC-8B22-57051417484B", versionEndExcluding: "1.29.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\\node_modules\\.bin\\wmic.exe file.", }, { lang: "es", value: "Signal Desktop versiones anteriores a 1.29.1 en Windows permite a usuarios locales alcanzar privilegios creando un archivo de tipo caballo de Troya %SYSTEMDRIVE%\\node_modules\\.bin\\wmic.exe.", }, ], id: "CVE-2019-19954", lastModified: "2024-11-21T04:35:44.270", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-24T15:15:11.473", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-427", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-23 07:15
Modified
2024-11-21 07:47
Severity ?
Summary
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://signal.org/download/linux | Product, Vendor Advisory | |
| cve@mitre.org | https://signal.org/download/macos | Product, Vendor Advisory | |
| cve@mitre.org | https://signal.org/en/download/windows | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://signal.org/download/linux | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://signal.org/download/macos | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://signal.org/en/download/windows | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | signal-desktop | * | |
| apple | macos | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*", matchCriteriaId: "C74B8BD8-C2D0-4E46-B228-97E539D033AD", versionEndIncluding: "6.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.", }, { lang: "es", value: "Signal Desktop anterior a 6.2.0 en Windows, Linux y macOS permite a un atacante obtener archivos adjuntos potencialmente confidenciales enviados en mensajes desde el directorio attachments.noindex. Los archivos adjuntos almacenados en caché no se borran de manera efectiva. En algunos casos, incluso después de la eliminación de un archivo por iniciativa propia, un atacante aún puede recuperar el archivo si ya se le respondió en una conversación. (El atacante necesita acceso al sistema de archivos local). NOTA: el proveedor cuestiona la relevancia de este hallazgo porque el producto no está destinado a proteger contra adversarios con este grado de acceso local.", }, ], id: "CVE-2023-24069", lastModified: "2024-11-21T07:47:22.200", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-23T07:15:11.137", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/", }, { source: "cve@mitre.org", tags: [ "Product", "Vendor Advisory", ], url: "https://signal.org/download/linux", }, { source: "cve@mitre.org", tags: [ "Product", "Vendor Advisory", ], url: "https://signal.org/download/macos", }, { source: "cve@mitre.org", tags: [ "Product", "Vendor Advisory", ], url: "https://signal.org/en/download/windows", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Vendor Advisory", ], url: "https://signal.org/download/linux", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Vendor Advisory", ], url: "https://signal.org/download/macos", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Vendor Advisory", ], url: "https://signal.org/en/download/windows", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-23 07:15
Modified
2024-11-21 07:47
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://signal.org/download/linux | Vendor Advisory | |
| cve@mitre.org | https://signal.org/download/macos | Vendor Advisory | |
| cve@mitre.org | https://signal.org/en/download/windows | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://signal.org/download/linux | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://signal.org/download/macos | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://signal.org/en/download/windows | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | signal-desktop | * | |
| apple | macos | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*", matchCriteriaId: "C74B8BD8-C2D0-4E46-B228-97E539D033AD", versionEndIncluding: "6.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.", }, { lang: "es", value: "Signal Desktop anterior a 6.2.0 en Windows, Linux y macOS permite a un atacante modificar archivos adjuntos de conversaciones dentro del directorio attachments.noindex. Los mecanismos del cliente no logran validar las modificaciones de los archivos almacenados en caché existentes, lo que da como resultado la capacidad del atacante de insertar código malicioso en archivos adjuntos preexistentes o reemplazarlos por completo. Un actor de amenazas puede reenviar el archivo adjunto existente en la conversación correspondiente a grupos externos, y el nombre y el tamaño del archivo no cambiarán, lo que permitirá que el malware se haga pasar por otro archivo. NOTA: el proveedor cuestiona la relevancia de este hallazgo porque el producto no está destinado a proteger contra adversarios con este grado de acceso local.", }, ], id: "CVE-2023-24068", lastModified: "2024-11-21T07:47:21.973", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-01-23T07:15:10.967", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://signal.org/download/linux", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://signal.org/download/macos", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://signal.org/en/download/windows", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://signal.org/download/linux", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://signal.org/download/macos", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://signal.org/en/download/windows", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }