漏洞标题
过期的短暂消息在 wire-webapp 中无法可靠地删除
漏洞描述信息
wire-webapp中过期的临时消息无法可靠地删除
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
漏洞类别
N/A
漏洞标题
Expired Ephemeral Messages not reliably removed in wire-webapp
漏洞描述信息
Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible through the local search functionality. Any attempt to view one of these message in the chat view will then trigger the deletion. This issue only affects locally stored messages. On premise instances of wire-webapp need to be updated to 2022-01-27-production.0, so that their users are no longer affected. There are no known workarounds for this issue.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
漏洞类别
敏感数据的不恰当跨边界移除
漏洞标题
Wire 安全漏洞
漏洞描述信息
Wire是个人开发者的一款聊天软件。该软件支持 Web、WindowsiOS、Android、OS X 平台,有群组功能,可以语音通话,发送照片以及其独创性的打招呼方式 PING。 Wire webapp 存在安全漏洞,该漏洞源于没有可靠地从Wire Webapp的本地聊天历史中删除0个过期的临时消息,临时消息和资产仍然可以通过本地搜索功能访问。任何在聊天视图中查看这些消息的尝试都会触发删除。
CVSS信息
N/A
漏洞类别
其他