PT-2022-15670 · Keybase · Keybase Client
Olivia Ohara
·
Published
2022-02-09
·
Updated
2023-08-08
·
CVE-2022-22779
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Keybase Clients for macOS and Windows versions prior to 5.9.0
Description
The issue arises when a user initiates exploded messages, and the receiving user switches to a non-chat feature, putting the host in a sleep state before the messages are exploded. This can lead to the disclosure of sensitive information that was meant to be deleted from a user's filesystem.
Recommendations
For versions prior to 5.9.0, update to version 5.9.0 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Keybase Client