Search
Find a vulnerability
Search criteria
3 vulnerabilities by kubell Co., Ltd.
JVNDB-2024-000115
Vulnerability from jvndb - Published: 2024-10-28 14:29 - Updated:2024-10-28 14:29
Severity
Summary
Chatwork Desktop Application (Windows) uses a potentially dangerous function
Details
Chatwork Desktop Application (Windows) provided by kubell Co., Ltd. contains an issue with use of potentially dangerous function (CWE-676), which allows a user to access an external website via a link in the application.
RyotaK of Flatt Security Inc. directly reported this vulnerability to the developer and coordinated. After the coordination was completed, the developer reported this case to IPA under Information Security Early Warning Partnership to notify the users of the solution through JVN, and JPCERT/CC coordinated with the developer for JVN advisory publication.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000115.html",
"dc:date": "2024-10-28T14:29+09:00",
"dcterms:issued": "2024-10-28T14:29+09:00",
"dcterms:modified": "2024-10-28T14:29+09:00",
"description": "Chatwork Desktop Application (Windows) provided by kubell Co., Ltd. contains an issue with use of potentially dangerous function (CWE-676), which allows a user to access an external website via a link in the application.\r\n\r\nRyotaK of Flatt Security Inc. directly reported this vulnerability to the developer and coordinated. After the coordination was completed, the developer reported this case to IPA under Information Security Early Warning Partnership to notify the users of the solution through JVN, and JPCERT/CC coordinated with the developer for JVN advisory publication.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000115.html",
"sec:cpe": {
"#text": "cpe:/a:misc:kubell_chatwork_desktop_application_for_windows",
"@product": "Chatwork Desktop Application for Windows",
"@vendor": "kubell Co., Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000115",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN78335885/index.html",
"@id": "JVN#78335885",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-50307",
"@id": "CVE-2024-50307",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Chatwork Desktop Application (Windows) uses a potentially dangerous function"
}
CVE-2024-50307 (GCVE-0-2024-50307)
Vulnerability from nvd – Published: 2024-10-28 04:28 – Updated: 2024-10-28 12:44
VLAI
EPSS
VEX
Summary
Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows).
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-676 - Use of potentially dangerous function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN78335885/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kubell Co., Ltd. | Chatwork Desktop Application (Windows) |
Affected:
versions prior to 2.9.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T12:42:58.583508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T12:44:44.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chatwork Desktop Application (Windows)",
"vendor": "kubell Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions prior to 2.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows)."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-676",
"description": "Use of potentially dangerous function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T04:28:13.855Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN78335885/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-50307",
"datePublished": "2024-10-28T04:28:13.855Z",
"dateReserved": "2024-10-22T01:06:52.750Z",
"dateUpdated": "2024-10-28T12:44:44.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50307 (GCVE-0-2024-50307)
Vulnerability from cvelistv5 – Published: 2024-10-28 04:28 – Updated: 2024-10-28 12:44
VLAI
EPSS
VEX
Summary
Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows).
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-676 - Use of potentially dangerous function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN78335885/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kubell Co., Ltd. | Chatwork Desktop Application (Windows) |
Affected:
versions prior to 2.9.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T12:42:58.583508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T12:44:44.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chatwork Desktop Application (Windows)",
"vendor": "kubell Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions prior to 2.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows)."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-676",
"description": "Use of potentially dangerous function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T04:28:13.855Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN78335885/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-50307",
"datePublished": "2024-10-28T04:28:13.855Z",
"dateReserved": "2024-10-22T01:06:52.750Z",
"dateUpdated": "2024-10-28T12:44:44.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}