Search

Find a vulnerability

Search criteria

    3 vulnerabilities by kubell Co., Ltd.

    JVNDB-2024-000115

    Vulnerability from jvndb - Published: 2024-10-28 14:29 - Updated:2024-10-28 14:29
    Severity
    Summary
    Chatwork Desktop Application (Windows) uses a potentially dangerous function
    Details
    Chatwork Desktop Application (Windows) provided by kubell Co., Ltd. contains an issue with use of potentially dangerous function (CWE-676), which allows a user to access an external website via a link in the application. RyotaK of Flatt Security Inc. directly reported this vulnerability to the developer and coordinated. After the coordination was completed, the developer reported this case to IPA under Information Security Early Warning Partnership to notify the users of the solution through JVN, and JPCERT/CC coordinated with the developer for JVN advisory publication.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000115.html",
      "dc:date": "2024-10-28T14:29+09:00",
      "dcterms:issued": "2024-10-28T14:29+09:00",
      "dcterms:modified": "2024-10-28T14:29+09:00",
      "description": "Chatwork Desktop Application (Windows) provided by kubell Co., Ltd. contains an issue with use of potentially dangerous function (CWE-676), which allows a user to access an external website via a link in the application.\r\n\r\nRyotaK of Flatt Security Inc. directly reported this vulnerability to the developer and coordinated. After the coordination was completed, the developer reported this case to IPA under Information Security Early Warning Partnership to notify the users of the solution through JVN, and JPCERT/CC coordinated with the developer for JVN advisory publication.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000115.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:kubell_chatwork_desktop_application_for_windows",
        "@product": "Chatwork Desktop Application for Windows",
        "@vendor": "kubell Co., Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.5",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000115",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN78335885/index.html",
          "@id": "JVN#78335885",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-50307",
          "@id": "CVE-2024-50307",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Chatwork Desktop Application (Windows) uses a potentially dangerous function"
    }

    CVE-2024-50307 (GCVE-0-2024-50307)

    Vulnerability from nvd – Published: 2024-10-28 04:28 – Updated: 2024-10-28 12:44
    VLAI
    Summary
    Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-676 - Use of potentially dangerous function
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-50307",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T12:42:58.583508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T12:44:44.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chatwork Desktop Application (Windows)",
              "vendor": "kubell Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 2.9.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-676",
                  "description": "Use of potentially dangerous function",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T04:28:13.855Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/jp/JVN78335885/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-50307",
        "datePublished": "2024-10-28T04:28:13.855Z",
        "dateReserved": "2024-10-22T01:06:52.750Z",
        "dateUpdated": "2024-10-28T12:44:44.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-50307 (GCVE-0-2024-50307)

    Vulnerability from cvelistv5 – Published: 2024-10-28 04:28 – Updated: 2024-10-28 12:44
    VLAI
    Summary
    Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-676 - Use of potentially dangerous function
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-50307",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T12:42:58.583508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T12:44:44.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chatwork Desktop Application (Windows)",
              "vendor": "kubell Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 2.9.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-676",
                  "description": "Use of potentially dangerous function",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T04:28:13.855Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/jp/JVN78335885/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-50307",
        "datePublished": "2024-10-28T04:28:13.855Z",
        "dateReserved": "2024-10-22T01:06:52.750Z",
        "dateUpdated": "2024-10-28T12:44:44.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }