What is the vulnerability ID of Signal Desktop?

The vulnerability ID of Signal Desktop is CVE-2023-24068.

What is the severity of CVE-2023-24068?

The severity of CVE-2023-24068 is high with a severity value of 7.8.

Which operating systems are affected by CVE-2023-24068?

Signal Desktop before version 6.2.0 is affected on Windows, Linux, and macOS.

How can I fix CVE-2023-24068?

To fix CVE-2023-24068, update Signal Desktop to version 6.2.0 or later.

Vulnerability/
CVE-2023-24068

high

7.8

23/1/2023

22/8/2024

CVE-2023-24068

Q: What is the risk of CVE-2023-24068?

CVE-2023-24068 allows an attacker to modify conversation attachments within the attachments.noindex directory, potentially allowing them to insert malicious content.

First published: Mon Jan 23 2023(Updated: )

** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Signal Signal-desktop	<=6.2.0
Apple macOS
Linux Linux kernel
Microsoft Windows
All of
Signal Signal-desktop	<=6.2.0
Any of
Apple macOS
Linux Linux kernel
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of Signal Desktop?
The vulnerability ID of Signal Desktop is CVE-2023-24068.
What is the severity of CVE-2023-24068?
The severity of CVE-2023-24068 is high with a severity value of 7.8.
Which operating systems are affected by CVE-2023-24068?
Signal Desktop before version 6.2.0 is affected on Windows, Linux, and macOS.
What is the risk of CVE-2023-24068?
CVE-2023-24068 allows an attacker to modify conversation attachments within the attachments.noindex directory, potentially allowing them to insert malicious content.
How can I fix CVE-2023-24068?
To fix CVE-2023-24068, update Signal Desktop to version 6.2.0 or later.

collector/nvd-index
agent/type
agent/references
agent/first-publish-date
agent/author
agent/severity
agent/status
agent/description
agent/event
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
collector/mitre-cve
source/MITRE
status/disputed
vendor/signal
canonical/signal signal-desktop
version/signal signal-desktop/6.2.0
vendor/apple
canonical/apple macos
vendor/linux
canonical/linux linux kernel
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.