CVE-2018-14023

Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.

CVSS v3 4.0 MEDIUM
CVSS v2.0 2.1 LOW

4.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1	Exploit Third Party Advisory
https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop	Exploit Third Party Advisory
http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1	Exploit Third Party Advisory
https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:signal:signal-desktop::::::::
	cpe:2.3:a:signal:signal-desktop:1.15.0:beta1::::::
	cpe:2.3:a:signal:signal-desktop:1.15.0:beta2::::::
	cpe:2.3:a:signal:signal-desktop:1.15.0:beta3::::::
	cpe:2.3:a:signal:signal-desktop:1.15.0:beta4::::::
	cpe:2.3:a:signal:signal-desktop:1.15.0:beta5::::::
	cpe:2.3:a:signal:signal-desktop:1.15.0:beta6::::::
	cpe:2.3:a:signal:signal-desktop:1.15.0:beta7::::::
	cpe:2.3:a:signal:signal-desktop:1.15.0:beta8::::::
	cpe:2.3:a:signal:signal-desktop:1.15.0:beta9::::::

History

21 Nov 2024, 03:48

Type	Values Removed	Values Added
References	~~() http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1 - Exploit, Third Party Advisory~~	() http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1 - Exploit, Third Party Advisory
References	~~() https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop - Exploit, Third Party Advisory~~	() https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop - Exploit, Third Party Advisory

Information

Published : 2018-08-20 22:29

Updated : 2024-11-21 03:48

NVD link : CVE-2018-14023

Mitre link : CVE-2018-14023

CVE.ORG link : CVE-2018-14023

JSON object : View

Products Affected

signal

signal-desktop

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

4.0 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2018-14023

4.0^/10

2.1^/10

Attach tags to `CVE-2018-14023`