PT-2022-16120 · Wire · Wire-Webapp

Published

2022-02-04

Updated

2022-02-11

CVE-2022-23605

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Wire Webapp versions prior to 2022-01-27-production.0

Description The issue concerns the unreliable removal of expired ephemeral messages from the local chat history in the Wire Webapp. These messages and associated assets could still be accessed through the local search functionality. However, attempting to view one of these messages in the chat view would trigger their deletion. This problem only affects locally stored messages.

Recommendations For Wire Webapp versions prior to 2022-01-27-production.0, update to version 2022-01-27-production.0 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-212

Related Identifiers

CVE-2022-23605

GHSA-2W3M-PPFG-HG62

Affected Products

Wire-Webapp

PT-2022-16120 · Wire · Wire-Webapp

CVE-2022-23605

Weakness Enumeration

Related Identifiers

Affected Products

References · 5