Vulnerabilites related to signal - signal-desktop
Vulnerability from fkie_nvd
Published
2019-03-24 02:29
Modified
2024-11-21 04:52
Severity ?
Summary
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107550 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107550 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | private_messenger | * | |
| signal | signal-desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:private_messenger:*:*:*:*:*:android:*:*",
"matchCriteriaId": "62886A5F-FA19-4E16-8E1E-195302310554",
"versionEndIncluding": "4.35.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AB79BE-52F8-409C-99FA-BB273862CDB4",
"versionEndIncluding": "1.23.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets."
},
{
"lang": "es",
"value": "Open Whisper Signal (tambi\u00e9n conocido como Signal-Desktop) hasta la versi\u00f3n 1.23.1, as\u00ed como la aplicaci\u00f3n Signal Private Messenger hasta la versi\u00f3n 4.35.3 para Android, son vulnerables a un ataque hom\u00f3grafo IDN al mostrar mensajes que contienen URL. Esto ocurre debido a que la aplicaci\u00f3n produce un enlace clicable incluso si, por ejemplo, existen caracteres latinos y cir\u00edlicos en el mismo nombre de dominio y la fuente disponible tiene una representaci\u00f3n id\u00e9ntica de caracteres de diferentes alfabetos."
}
],
"id": "CVE-2019-9970",
"lastModified": "2024-11-21T04:52:42.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-24T02:29:00.670",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107550"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-24 15:15
Modified
2024-11-21 04:35
Severity ?
Summary
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | signal-desktop | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAC6F28-25F4-44BC-8B22-57051417484B",
"versionEndExcluding": "1.29.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\\node_modules\\.bin\\wmic.exe file."
},
{
"lang": "es",
"value": "Signal Desktop versiones anteriores a 1.29.1 en Windows permite a usuarios locales alcanzar privilegios creando un archivo de tipo caballo de Troya %SYSTEMDRIVE%\\node_modules\\.bin\\wmic.exe."
}
],
"id": "CVE-2019-19954",
"lastModified": "2024-11-21T04:35:44.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-24T15:15:11.473",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-23 07:15
Modified
2024-11-21 07:47
Severity ?
Summary
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://signal.org/download/linux | Product, Vendor Advisory | |
| cve@mitre.org | https://signal.org/download/macos | Product, Vendor Advisory | |
| cve@mitre.org | https://signal.org/en/download/windows | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://signal.org/download/linux | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://signal.org/download/macos | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://signal.org/en/download/windows | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | signal-desktop | * | |
| apple | macos | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C74B8BD8-C2D0-4E46-B228-97E539D033AD",
"versionEndIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."
},
{
"lang": "es",
"value": "Signal Desktop anterior a 6.2.0 en Windows, Linux y macOS permite a un atacante obtener archivos adjuntos potencialmente confidenciales enviados en mensajes desde el directorio attachments.noindex. Los archivos adjuntos almacenados en cach\u00e9 no se borran de manera efectiva. En algunos casos, incluso despu\u00e9s de la eliminaci\u00f3n de un archivo por iniciativa propia, un atacante a\u00fan puede recuperar el archivo si ya se le respondi\u00f3 en una conversaci\u00f3n. (El atacante necesita acceso al sistema de archivos local). NOTA: el proveedor cuestiona la relevancia de este hallazgo porque el producto no est\u00e1 destinado a proteger contra adversarios con este grado de acceso local."
}
],
"id": "CVE-2023-24069",
"lastModified": "2024-11-21T07:47:22.200",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-23T07:15:11.137",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://signal.org/download/linux"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://signal.org/download/macos"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://signal.org/en/download/windows"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://signal.org/download/linux"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://signal.org/download/macos"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://signal.org/en/download/windows"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-14 23:29
Modified
2024-11-21 03:42
Severity ?
Summary
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | signal-desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C19769-6E5A-4095-A4F9-66A8D35680D5",
"versionEndExcluding": "1.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL."
},
{
"lang": "es",
"value": "js/views/message_view.js en Open Whisper Signal (tambi\u00e9n conocido como Signal-Desktop) en versiones anteriores a la 1.10.1 permite Cross-Site Scripting (XSS) mediante una URL."
}
],
"id": "CVE-2018-10994",
"lastModified": "2024-11-21T03:42:27.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-14T23:29:00.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/bcrypt/status/995057030304952320"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/lorenzoFB/status/995048605399633926"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/ortegaalfredo/status/995940738839056384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/bcrypt/status/995057030304952320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/lorenzoFB/status/995048605399633926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/ortegaalfredo/status/995940738839056384"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-17 19:29
Modified
2024-11-21 03:42
Severity ?
Summary
Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: <IFRAME src=\\DESKTOP-XXXXX\Temp\test.html> and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn't matter).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2018/May/46 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/May/46 | Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | signal-desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4595B8BE-95ED-4A15-BA6E-AC6D41D9FD85",
"versionEndIncluding": "1.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: \u003cIFRAME src=\\\\DESKTOP-XXXXX\\Temp\\test.html\u003e and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn\u0027t matter)."
},
{
"lang": "es",
"value": "Open Whisper Signal (tambi\u00e9n conocido como Signal-Desktop) hasta la versi\u00f3n 1.10.1 permite Cross-Site Scripting (XSS) mediante una localizaci\u00f3n de recurso especificada en un atributo de un elemento SCRIPT, IFRAME o IMG, lo que conduce a la ejecuci\u00f3n de JavaScript tras una respuesta. Esta vulnerabilidad es diferente de CVE-2018-10994. El atacante necesita enviar c\u00f3digo HTML directamente como mensaje y, despu\u00e9s, responder a ese mensaje para desencadenar esta vulnerabilidad. El software Signal-Desktop no sanea los elementos HTML especiales que se pueden utilizar para inyectar c\u00f3digo HTML en las ventanas de chat remoto al responder a un mensaje HTML. Espec\u00edficamente, los elementos IMG e IFRAME pueden emplearse para incluir recursos remotos o locales. Por ejemplo, el uso de un elemento IFRAME habilita la ejecuci\u00f3n de c\u00f3digo total, lo que permite que un atacante descargue/suba archivos, informaci\u00f3n, etc. Se ha descubierto que el elemento SCRIPT tambi\u00e9n es inyectable. En el sistema operativo de Windows, CSP no evita la inclusi\u00f3n de recursos mediante el protocolo SMB. En este caso, la ejecuci\u00f3n remota de JavaScript puede lograrse referenciando el script en una compartici\u00f3n SMB en un elemento IFRAME, por ejemplo: \u003eIFRAME src=\\\\DESKTOP-XXXXX\\Temp\\test.html\u003e y despu\u00e9s contestando. El c\u00f3digo JavaScript incluido se ejecuta de forma autom\u00e1tica, sin que se necesite interacci\u00f3n por parte del usuario. La vulnerabilidad puede desencadenarse en el cliente Signal-Desktop mediante el env\u00edo de un mensaje especialmente manipulado y, despu\u00e9s, contestando con cualquier texto o contenido en la respuesta (no importa)."
}
],
"id": "CVE-2018-11101",
"lastModified": "2024-11-21T03:42:41.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-17T19:29:00.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/May/46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/May/46"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-23 07:15
Modified
2024-11-21 07:47
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://signal.org/download/linux | Vendor Advisory | |
| cve@mitre.org | https://signal.org/download/macos | Vendor Advisory | |
| cve@mitre.org | https://signal.org/en/download/windows | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://signal.org/download/linux | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://signal.org/download/macos | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://signal.org/en/download/windows | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | signal-desktop | * | |
| apple | macos | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C74B8BD8-C2D0-4E46-B228-97E539D033AD",
"versionEndIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker\u0027s ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."
},
{
"lang": "es",
"value": "Signal Desktop anterior a 6.2.0 en Windows, Linux y macOS permite a un atacante modificar archivos adjuntos de conversaciones dentro del directorio attachments.noindex. Los mecanismos del cliente no logran validar las modificaciones de los archivos almacenados en cach\u00e9 existentes, lo que da como resultado la capacidad del atacante de insertar c\u00f3digo malicioso en archivos adjuntos preexistentes o reemplazarlos por completo. Un actor de amenazas puede reenviar el archivo adjunto existente en la conversaci\u00f3n correspondiente a grupos externos, y el nombre y el tama\u00f1o del archivo no cambiar\u00e1n, lo que permitir\u00e1 que el malware se haga pasar por otro archivo. NOTA: el proveedor cuestiona la relevancia de este hallazgo porque el producto no est\u00e1 destinado a proteger contra adversarios con este grado de acceso local."
}
],
"id": "CVE-2023-24068",
"lastModified": "2024-11-21T07:47:21.973",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-23T07:15:10.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://signal.org/download/linux"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://signal.org/download/macos"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://signal.org/en/download/windows"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://signal.org/download/linux"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://signal.org/download/macos"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://signal.org/en/download/windows"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-20 22:29
Modified
2024-11-21 03:48
Severity ?
Summary
Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | signal-desktop | * | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 | |
| signal | signal-desktop | 1.15.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF97006-2E19-41A6-8D2C-A0BF54466EAA",
"versionEndExcluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal-desktop:1.15.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A2F1A0A8-1954-49BC-A0BF-C4498CD729A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal-desktop:1.15.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F00DF096-E0BC-4366-A8CF-E60D7F6723EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal-desktop:1.15.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5EE4A9DE-9B97-4DC8-AFB5-1A0D551863FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal-desktop:1.15.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "074AC7B0-385E-4F86-AD25-E7705406DB83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal-desktop:1.15.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "000FBDC6-134C-43F6-99E9-5801D21B7164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal-desktop:1.15.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "572A56BF-E4B6-4A0D-9FB0-344F092AC2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal-desktop:1.15.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "E7412528-7CC9-4ABE-AF4C-AC454BDA1A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal-desktop:1.15.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "E813DD37-1940-4956-8805-6DD9A348ED05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal-desktop:1.15.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "96133F0B-752B-4872-A7A4-533EE7A8C5FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage."
},
{
"lang": "es",
"value": "Open Whisper Signal (tambi\u00e9n conocido como Signal-Desktop) en versiones anteriores a la 1.15.0-beta.10 permite la fuga de informaci\u00f3n."
}
],
"id": "CVE-2018-14023",
"lastModified": "2024-11-21T03:48:27.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-20T22:29:00.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=oSJscEei5SE\u0026app=desktop"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=oSJscEei5SE\u0026app=desktop"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-19954 (GCVE-0-2019-19954)
Vulnerability from cvelistv5
Published
2019-12-24 14:07
Modified
2024-08-05 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/ | x_refsource_MISC | |
| https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\\node_modules\\.bin\\wmic.exe file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-24T14:07:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\\node_modules\\.bin\\wmic.exe file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/",
"refsource": "MISC",
"url": "https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/"
},
{
"name": "https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688",
"refsource": "MISC",
"url": "https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19954",
"datePublished": "2019-12-24T14:07:20",
"dateReserved": "2019-12-24T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9970 (GCVE-0-2019-9970)
Vulnerability from cvelistv5
Published
2019-03-24 01:52
Modified
2024-08-04 22:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/107550 | vdb-entry, x_refsource_BID | |
| https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107550",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107550"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T19:14:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "107550",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107550"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107550"
},
{
"name": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt",
"refsource": "MISC",
"url": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9970",
"datePublished": "2019-03-24T01:52:33",
"dateReserved": "2019-03-23T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14023 (GCVE-0-2018-14023)
Vulnerability from cvelistv5
Published
2018-08-20 22:00
Modified
2024-08-05 09:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
References
| ▼ | URL | Tags |
|---|---|---|
| http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1 | x_refsource_MISC | |
| https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:21:40.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=oSJscEei5SE\u0026app=desktop"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-20T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=oSJscEei5SE\u0026app=desktop"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1",
"refsource": "MISC",
"url": "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1"
},
{
"name": "https://www.youtube.com/watch?v=oSJscEei5SE\u0026app=desktop",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=oSJscEei5SE\u0026app=desktop"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14023",
"datePublished": "2018-08-20T22:00:00",
"dateReserved": "2018-07-12T00:00:00",
"dateUpdated": "2024-08-05T09:21:40.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10994 (GCVE-0-2018-10994)
Vulnerability from cvelistv5
Published
2018-05-14 23:00
Modified
2024-08-05 07:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://twitter.com/ortegaalfredo/status/995940738839056384 | x_refsource_MISC | |
| https://twitter.com/bcrypt/status/995057030304952320 | x_refsource_MISC | |
| https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1 | x_refsource_MISC | |
| https://twitter.com/lorenzoFB/status/995048605399633926 | x_refsource_MISC | |
| https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/ortegaalfredo/status/995940738839056384"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/bcrypt/status/995057030304952320"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/lorenzoFB/status/995048605399633926"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T23:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/ortegaalfredo/status/995940738839056384"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/bcrypt/status/995057030304952320"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/lorenzoFB/status/995048605399633926"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/ortegaalfredo/status/995940738839056384",
"refsource": "MISC",
"url": "https://twitter.com/ortegaalfredo/status/995940738839056384"
},
{
"name": "https://twitter.com/bcrypt/status/995057030304952320",
"refsource": "MISC",
"url": "https://twitter.com/bcrypt/status/995057030304952320"
},
{
"name": "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1",
"refsource": "MISC",
"url": "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1"
},
{
"name": "https://twitter.com/lorenzoFB/status/995048605399633926",
"refsource": "MISC",
"url": "https://twitter.com/lorenzoFB/status/995048605399633926"
},
{
"name": "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea",
"refsource": "MISC",
"url": "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10994",
"datePublished": "2018-05-14T23:00:00",
"dateReserved": "2018-05-11T00:00:00",
"dateUpdated": "2024-08-05T07:54:36.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24068 (GCVE-0-2023-24068)
Vulnerability from cvelistv5
Published
2023-01-23 00:00
Modified
2024-08-22 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:49:08.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://signal.org/en/download/windows"
},
{
"tags": [
"x_transferred"
],
"url": "https://signal.org/download/macos"
},
{
"tags": [
"x_transferred"
],
"url": "https://signal.org/download/linux"
},
{
"tags": [
"x_transferred"
],
"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "signal-desktop",
"vendor": "signal",
"versions": [
{
"lessThan": "6.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24068",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:37:21.248850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T14:50:55.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker\u0027s ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://signal.org/en/download/windows"
},
{
"url": "https://signal.org/download/macos"
},
{
"url": "https://signal.org/download/linux"
},
{
"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-24068",
"datePublished": "2023-01-23T00:00:00",
"dateReserved": "2023-01-23T00:00:00",
"dateUpdated": "2024-08-22T14:50:55.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11101 (GCVE-0-2018-11101)
Vulnerability from cvelistv5
Published
2018-05-17 19:00
Modified
2024-08-05 07:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: <IFRAME src=\\DESKTOP-XXXXX\Temp\test.html> and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn't matter).
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/May/46 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180516 CVE-2018-11101: Signal-desktop HTML tag injection variant 2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/May/46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: \u003cIFRAME src=\\\\DESKTOP-XXXXX\\Temp\\test.html\u003e and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn\u0027t matter)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-18T04:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180516 CVE-2018-11101: Signal-desktop HTML tag injection variant 2",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/May/46"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: \u003cIFRAME src=\\\\DESKTOP-XXXXX\\Temp\\test.html\u003e and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn\u0027t matter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180516 CVE-2018-11101: Signal-desktop HTML tag injection variant 2",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/46"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11101",
"datePublished": "2018-05-17T19:00:00",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-08-05T07:54:36.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24069 (GCVE-0-2023-24069)
Vulnerability from cvelistv5
Published
2023-01-23 00:00
Modified
2024-08-02 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "signal-desktop",
"vendor": "signal",
"versions": [
{
"status": "affected",
"version": "6.2.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24069",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T15:22:50.145630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:25.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:49:09.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://signal.org/en/download/windows"
},
{
"tags": [
"x_transferred"
],
"url": "https://signal.org/download/macos"
},
{
"tags": [
"x_transferred"
],
"url": "https://signal.org/download/linux"
},
{
"tags": [
"x_transferred"
],
"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://signal.org/en/download/windows"
},
{
"url": "https://signal.org/download/macos"
},
{
"url": "https://signal.org/download/linux"
},
{
"url": "https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-24069",
"datePublished": "2023-01-23T00:00:00",
"dateReserved": "2023-01-23T00:00:00",
"dateUpdated": "2024-08-02T10:49:09.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}