CVE-2023-24068

Description from NVD

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file.

Information Acquisition Date:2023-01-25T23:24Z
CVSS 2.0: 0.0 None CVSS 3.x: 0.0 None

NVD References

 https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/
     source:MISC
     tags:
 https://signal.org/en/download/windows
     source:MISC
     tags:
 https://signal.org/download/linux
     source:MISC
     tags:
 https://signal.org/download/macos
     source:MISC
     tags:

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Exchange(1 tweets) Linux(7 tweets) Windows(7 tweets)



List of frequently cited URLs

URLNum of Times Referred to
https://johnjhacking.com/blog/cve-2023-24068-cve-2023-2406926

▼ Show Information from Twitter(61)


List of frequently cited URLs

URLNum of Times Referred to
johnjhacking.com26

▼ Show Information from Twitter(61)


GitHub Search Results: Up to 10
NameURL
Live-Hack-CVE/CVE-2023-24068 https://github.com/Live-Hack-CVE/CVE-2023-24068

GitHub Search Results: Up to 10
NameURL
Live-Hack-CVE/CVE-2023-24068 github.com

2023/01/27 Score : 0
Added Har-sia Database : 2023/01/23
Last Modified : 2023/01/27
Highest Scored Date : 2023/01/24
Highest Score : 22