Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Keybase Client for macOS by Zoom Video Communications Inc

    CVE-2022-22779 (GCVE-0-2022-22779)

    Vulnerability from nvd – Published: 2022-02-09 22:05 – Updated: 2024-09-17 00:05
    VLAI
    Title
    Retained exploded messages in Keybase clients for macOS and Windows
    Summary
    The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user’s filesystem.
    CWE
    • Improper Enforcement of Behavioral Workflow
    Assigner
    References
    Impacted products
    Date Public
    2022-02-08 00:00
    Credits
    Olivia O'Hara
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.090Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Keybase Client for macOS",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.9.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Keybase Client for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.9.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Olivia O\u0027Hara"
            }
          ],
          "datePublic": "2022-02-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user\u2019s filesystem."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Enforcement of Behavioral Workflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-09T22:05:15.000Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Retained exploded messages in Keybase clients for macOS and Windows",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zoom.us",
              "DATE_PUBLIC": "2022-02-08T12:00:00.000Z",
              "ID": "CVE-2022-22779",
              "STATE": "PUBLIC",
              "TITLE": "Retained exploded messages in Keybase clients for macOS and Windows"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Keybase Client for macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.9.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Keybase Client for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zoom Video Communications Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Olivia O\u0027Hara"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user\u2019s filesystem."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Enforcement of Behavioral Workflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://explore.zoom.us/en/trust/security/security-bulletin",
                  "refsource": "MISC",
                  "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
                }
              ]
            },
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2022-22779",
        "datePublished": "2022-02-09T22:05:15.143Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:05:46.594Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22779 (GCVE-0-2022-22779)

    Vulnerability from cvelistv5 – Published: 2022-02-09 22:05 – Updated: 2024-09-17 00:05
    VLAI
    Title
    Retained exploded messages in Keybase clients for macOS and Windows
    Summary
    The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user’s filesystem.
    CWE
    • Improper Enforcement of Behavioral Workflow
    Assigner
    References
    Impacted products
    Date Public
    2022-02-08 00:00
    Credits
    Olivia O'Hara
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.090Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Keybase Client for macOS",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.9.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Keybase Client for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.9.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Olivia O\u0027Hara"
            }
          ],
          "datePublic": "2022-02-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user\u2019s filesystem."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Enforcement of Behavioral Workflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-09T22:05:15.000Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Retained exploded messages in Keybase clients for macOS and Windows",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@zoom.us",
              "DATE_PUBLIC": "2022-02-08T12:00:00.000Z",
              "ID": "CVE-2022-22779",
              "STATE": "PUBLIC",
              "TITLE": "Retained exploded messages in Keybase clients for macOS and Windows"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Keybase Client for macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.9.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Keybase Client for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zoom Video Communications Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Olivia O\u0027Hara"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user\u2019s filesystem."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Enforcement of Behavioral Workflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://explore.zoom.us/en/trust/security/security-bulletin",
                  "refsource": "MISC",
                  "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
                }
              ]
            },
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2022-22779",
        "datePublished": "2022-02-09T22:05:15.143Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:05:46.594Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }