CVE-2023-28686

2023-03-2404:15:55

Debian Security Bug Tracker

security-tracker.debian.org

dino

security vulnerability

unauthorized modification

personal bookmark store

crafted message

group chats

sensitive information

unix

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

0.003 Low

EPSS

Percentile

68.3%

JSON

Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.

OSVersionArchitecturePackageVersionFilename
Debian12alldino-im< 0.4.2-1dino-im_0.4.2-1_all.deb
Debian11alldino-im< 0.2.0-3+deb11u1dino-im_0.2.0-3+deb11u1_all.deb
Debian999alldino-im< 0.4.2-1dino-im_0.4.2-1_all.deb
Debian13alldino-im< 0.4.2-1dino-im_0.4.2-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	dino-im	< 0.4.2-1	dino-im_0.4.2-1_all.deb
Debian	11	all	dino-im	< 0.2.0-3+deb11u1	dino-im_0.2.0-3+deb11u1_all.deb
Debian	999	all	dino-im	< 0.4.2-1	dino-im_0.4.2-1_all.deb
Debian	13	all	dino-im	< 0.4.2-1	dino-im_0.4.2-1_all.deb