PT-2022-27000 · Wire · Wire

Kai Dybionka

Published

2022-11-18

Updated

2022-11-23

CVE-2022-43673

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Wire versions through 3.22.3993

Description The issue concerns the advertisement of deletion of sent messages in Wire, but the messages can still be retrieved for a limited period from the AppDataRoamingWireIndexedDBhttps app.wire.com 0.indexeddb.leveldb database on Windows.

Recommendations For versions through 3.22.3993, consider deleting the https app.wire.com 0.indexeddb.leveldb database file in the AppDataRoamingWireIndexedDB directory to remove potentially retrievable messages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2022-43673

Affected Products

Wire

PT-2022-27000 · Wire · Wire

CVE-2022-43673

Weakness Enumeration

Related Identifiers

Affected Products

References · 8