1. Home
  2. CVE Database
  3. CVE-2023-24069
LOW · 3.3

CVE-2023-24069

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are ...

Vulnerability Description

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
SignalSignal-Desktop<= 6.2.0
AppleMacos-
LinuxLinux Kernel-
MicrosoftWindows-

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2023-24069?

CVE-2023-24069 is a vulnerability with a CVSS score of 3.3 (LOW). Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are ...

How severe is CVE-2023-24069?

CVE-2023-24069 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-24069?

Check the references section above for vendor advisories and patch information. Affected products include: Signal Signal-Desktop, Apple Macos, Linux Linux Kernel, Microsoft Windows.