Local File Access Vulnerability in Signal Desktop by Signal Foundation
CVE-2023-24069

3.3LOW

Key Information:

Vendor: Signal
Status: Signal-desktop
Vendor: CVE Published:; 23 January 2023

Badges

📰 News Worthy

What is CVE-2023-24069?

Signal Desktop prior to version 6.2.0 on Windows, Linux, and macOS has a local file access vulnerability that potentially exposes sensitive attachments stored in the attachments.noindex directory. Attackers with local system access can exploit the lack of effective cache clearing, allowing them to retrieve deleted files if they were previously part of a conversation thread. This presents a risk not only during normal use but also upon a user's attempted file deletion, highlighting a significant consideration for users concerned about local data security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

News Articles

The Security Ledger

CVE-2023-24068 CVE-2023-24069

Beware: Images, Video Shared on Signal Hang Around

Photos and video files shared in Signal secure messaging app chats may be hanging around, even after the messages in which they were shared are deleted.

InfoSec Write-ups

CVE-2023-24069 CVE-2023-24068

Signal Client v6.2 and earlier versions vulnerable to CVE-2023–24068 & CVE-2023–24069

After I read the PoC from John Jackson, I had to try. I ran into my computer and checked the version of the Signal Client that I had installed. The version is 6.2.0, which is allegedly vulnerable. So…