CVE-2024-10668

There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit 5d8b9156e0c339d82d3dab0849187e8819ad92c0 or Quick Share Windows v1.0.2002.2

CVSS

No CVSS.

References

Link	Resource
https://github.com/google/nearby/pull/2892

Configurations

No configuration.

History

08 Nov 2024, 19:01

Type	Values Removed	Values Added
Summary		(es) Existe una omisión de autenticación en Google Quickshare mediante la cual un atacante puede cargar un tipo de archivo desconocido a una víctima. La causa principal de la vulnerabilidad radica en el hecho de que cuando se envía un frame de transferencia de payload de tipo FILE a Quick Share, el archivo que está contenido en este frame se escribe en el disco en la carpeta Descargas. Quickshare normalmente elimina archivos desconocidos, sin embargo, un atacante puede enviar dos frames de transferencia de payload de tipo FILE y el mismo ID de payload. La lógica de eliminación solo eliminará el primer archivo y no el segundo. Recomendamos actualizar la versión anterior a el commit 5d8b9156e0c339d82d3dab0849187e8819ad92c0 o Quick Share Windows v1.0.2002.2

07 Nov 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-07 16:15

Updated : 2024-11-08 19:01

NVD link : CVE-2024-10668

Mitre link : CVE-2024-10668

CVE.ORG link : CVE-2024-10668

JSON object : View

Products Affected

No product.

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-10668", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "USER", "baseScore": 5.9, "automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "subsequentSystemAvailability": "LOW", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-11-07T16:15:16.923", "references": [{"url": "https://github.com/google/nearby/pull/2892", "source": "cve-coordination@google.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim.\u00a0The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit\u00a05d8b9156e0c339d82d3dab0849187e8819ad92c0 or\u00a0Quick Share Windows v1.0.2002.2"}, {"lang": "es", "value": "Existe una omisi\u00f3n de autenticaci\u00f3n en Google Quickshare mediante la cual un atacante puede cargar un tipo de archivo desconocido a una v\u00edctima. La causa principal de la vulnerabilidad radica en el hecho de que cuando se env\u00eda un frame de transferencia de payload de tipo FILE a Quick Share, el archivo que est\u00e1 contenido en este frame se escribe en el disco en la carpeta Descargas. Quickshare normalmente elimina archivos desconocidos, sin embargo, un atacante puede enviar dos frames de transferencia de payload de tipo FILE y el mismo ID de payload. La l\u00f3gica de eliminaci\u00f3n solo eliminar\u00e1 el primer archivo y no el segundo. Recomendamos actualizar la versi\u00f3n anterior a el commit 5d8b9156e0c339d82d3dab0849187e8819ad92c0 o Quick Share Windows v1.0.2002.2"}], "lastModified": "2024-11-08T19:01:03.880", "sourceIdentifier": "cve-coordination@google.com"}