Vulnerability Description
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dino | Dino | < 0.2.3 |
| Fedoraproject | Fedora | 36 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://dino.im/security/cve-2023-28686/PatchVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.debian.org/security/2023/dsa-5379Third Party Advisory
- https://dino.im/security/cve-2023-28686/PatchVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.debian.org/security/2023/dsa-5379Third Party Advisory
FAQ
What is CVE-2023-28686?
CVE-2023-28686 is a vulnerability with a CVSS score of 7.1 (HIGH). Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force ...
How severe is CVE-2023-28686?
CVE-2023-28686 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28686?
Check the references section above for vendor advisories and patch information. Affected products include: Dino Dino, Fedoraproject Fedora, Debian Debian Linux.