PT-2019-13693 · Loom · Loom Desktop
Thomas Karpiniec · Published 2019-08-07 · Updated 2019-08-19 · CVE-2019-14432
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Loom Desktop for Mac versions up to 0.16.0
Description
The application incorrectly authenticates its WebSocket connections, which allows remote code execution by malicious JavaScript running in a browser, or by hosts on the same network, during video recording. The same attack vector can also crash the application at any time.
Recommendations
For versions up to 0.16.0, update to a version that contains a fix for this issue to prevent remote code execution and application crashes.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Loom Desktop