CVE-2023-28686
First published: Thu Mar 23 2023(Updated: )
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dino Dino | <0.2.3 | |
| Dino Dino | >=0.3.0<0.3.2 | |
| Dino Dino | >=0.4.0<0.4.2 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Debian Debian Linux | =12.0 | |
| debian/dino-im | <=0.3.0-2~bpo11+1<=0.4.1-1<=0.2.0-3 | 0.4.2+git20230324.b75b606-1 0.4.2-1 0.2.0-3+deb11u1 |
| debian/dino-im | 0.0.git20181129-1+deb10u1 0.2.0-3+deb11u1 0.4.2-1 0.4.3-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://dino.im/security/cve-2023-28686/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQLCEUZS5GPHUQMS7C6W2NS3PHYUFHYF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOH6NYTLPM52MDIR2IRVUR3REDVWZV6N/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIWXAK656EHSRIRUHLPBE3AX2I4TMH7M/
- https://www.debian.org/security/2023/dsa-5379
- https://github.com/dino/dino/commit/ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec.patch
- https://security-tracker.debian.org/tracker/CVE-2023-28686
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033370
- https://github.com/dino/dino/commit/ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec
- https://github.com/dino/dino/commit/baf96d9d9fac7480fed777ac87d917f8dec8f0f6
- https://github.com/dino/dino/commit/e02a443a4eaf02f0ab860b41d0bc7081d4110ab4
- https://github.com/dino/dino/commit/74c29d4df19f97b9b67bbc3c1a963a8729be69fd
Frequently Asked Questions
What is CVE-2023-28686?
CVE-2023-28686 is a vulnerability in Dino versions before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 that allows attackers to modify the personal bookmark store via a crafted message.
How can an attacker exploit CVE-2023-28686?
An attacker can exploit CVE-2023-28686 to change the display of group chats or force a victim to join a group chat, potentially tricking the victim into disclosing sensitive information.
What is the severity of CVE-2023-28686?
CVE-2023-28686 has a severity rating of 7.1 (high).
Which software versions are affected by CVE-2023-28686?
Dino versions before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 are affected by CVE-2023-28686.
How can I fix CVE-2023-28686?
To fix CVE-2023-28686, update Dino to version 0.2.3 or higher.
- collector/nvd-index
- collector/debian-bugs
- alias/CVE-2023-28686
- collector/security-tracker-debian
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/dino
- canonical/dino dino
- version/dino dino/0.3.0
- version/dino dino/0.4.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/36
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- version/debian debian linux/12.0
- package-manager/debian