Lucene search

FreeBSDDEC6B8E9-C9FE-11ED-BB39-901B0E9408DC

HistoryMar 23, 2023 - 12:00 a.m.

dino -- Insufficient message sender validation in Dino

2023-03-2300:00:00

vuxml.freebsd.org

dino

insufficient validation

personal bookmarks

crafted messages

group chat display

victim manipulation

sensitive information disclosure

unix

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

0.003 Low

EPSS

Percentile

68.3%

JSON

Dino team reports:

Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows
attackers to modify the personal bookmark store via a crafted
message. The attacker can change the display of group chats or
force a victim to join a group chat; the victim may then be tricked
into disclosing sensitive information.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchdino< 0.4.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	dino	< 0.4.2	UNKNOWN

References

dino.im/security/cve-2023-28686/

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

0.003 Low

EPSS

Percentile

68.3%

JSON

Related for DEC6B8E9-C9FE-11ED-BB39-901B0E9408DC