How severe is CVE-2023-24069?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2023-24069?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2023-24069 - LOW Severity | CVSS 3.3

Vulnerability Description

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.

Related Vulnerabilities

CVE-2013-4209

LOW

CVSS:3.3(Low)

Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.

CWE-2002013

CVE-2013-7458

LOW

CVSS:3.3(Low)

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

CWE-2002013

CVE-2014-2884

LOW

CVSS:3.3(Low)

The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OP...

CWE-2002014

CVE-2014-4407

LOW

CVSS:3.3(Low)

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafte...

CWE-2002014

CVE-2014-9680

LOW

CVSS:3.3(Low)

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by...

CWE-2002014

CVE-2015-0238

LOW

CVSS:3.3(Low)

selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.

CWE-2002015