CVE-2024-10668 (GCVE-0-2024-10668)
Vulnerability from cvelistv5 – Published: 2024-11-07 15:22 – Updated: 2024-11-21 10:32
VLAI?
Summary
There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit 5d8b9156e0c339d82d3dab0849187e8819ad92c0 or Quick Share Windows v1.0.2002.2
Severity ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
Credits
Or Yair with SafeBreach
Shmuel Cohen with SafeBreach
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T16:09:55.288390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T16:10:57.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/google/nearby",
"defaultStatus": "unaffected",
"packageName": "Nearby",
"product": "Nearby",
"repo": "https://github.com/google/nearby",
"vendor": "Google",
"versions": [
{
"lessThan": "5d8b9156e0c339d82d3dab0849187e8819ad92c0",
"status": "affected",
"version": "0",
"versionType": "git"
},
{
"lessThan": "1.0.2002.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Or Yair with SafeBreach"
},
{
"lang": "en",
"type": "reporter",
"value": "Shmuel Cohen with SafeBreach"
}
],
"datePublic": "2024-10-04T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit\u0026nbsp;5d8b9156e0c339d82d3dab0849187e8819ad92c0 or\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eQuick Share Windows v1.0.2002.2\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim.\u00a0The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit\u00a05d8b9156e0c339d82d3dab0849187e8819ad92c0 or\u00a0Quick Share Windows v1.0.2002.2"
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/AU:N/R:U/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T10:32:45.723Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/google/nearby/pull/2892"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Auth Bypass in Quickshare",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-10668",
"datePublished": "2024-11-07T15:22:24.280Z",
"dateReserved": "2024-11-01T10:03:03.149Z",
"dateUpdated": "2024-11-21T10:32:45.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim.\\u00a0The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit\\u00a05d8b9156e0c339d82d3dab0849187e8819ad92c0 or\\u00a0Quick Share Windows v1.0.2002.2\"}, {\"lang\": \"es\", \"value\": \"Existe una omisi\\u00f3n de autenticaci\\u00f3n en Google Quickshare mediante la cual un atacante puede cargar un tipo de archivo desconocido a una v\\u00edctima. La causa principal de la vulnerabilidad radica en el hecho de que cuando se env\\u00eda un frame de transferencia de payload de tipo FILE a Quick Share, el archivo que est\\u00e1 contenido en este frame se escribe en el disco en la carpeta Descargas. Quickshare normalmente elimina archivos desconocidos, sin embargo, un atacante puede enviar dos frames de transferencia de payload de tipo FILE y el mismo ID de payload. La l\\u00f3gica de eliminaci\\u00f3n solo eliminar\\u00e1 el primer archivo y no el segundo. Recomendamos actualizar la versi\\u00f3n anterior a el commit 5d8b9156e0c339d82d3dab0849187e8819ad92c0 o Quick Share Windows v1.0.2002.2\"}]",
"id": "CVE-2024-10668",
"lastModified": "2024-11-08T19:01:03.880",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"cve-coordination@google.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Green\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"ACTIVE\", \"vulnerableSystemConfidentiality\": \"LOW\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"LOW\", \"subsequentSystemConfidentiality\": \"LOW\", \"subsequentSystemIntegrity\": \"HIGH\", \"subsequentSystemAvailability\": \"LOW\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NO\", \"recovery\": \"USER\", \"valueDensity\": \"DIFFUSE\", \"vulnerabilityResponseEffort\": \"LOW\", \"providerUrgency\": \"GREEN\"}}]}",
"published": "2024-11-07T16:15:16.923",
"references": "[{\"url\": \"https://github.com/google/nearby/pull/2892\", \"source\": \"cve-coordination@google.com\"}]",
"sourceIdentifier": "cve-coordination@google.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"cve-coordination@google.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-10668\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2024-11-07T16:15:16.923\",\"lastModified\":\"2025-07-23T19:30:53.877\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim.\u00a0The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit\u00a05d8b9156e0c339d82d3dab0849187e8819ad92c0 or\u00a0Quick Share Windows v1.0.2002.2\"},{\"lang\":\"es\",\"value\":\"Existe una omisi\u00f3n de autenticaci\u00f3n en Google Quickshare mediante la cual un atacante puede cargar un tipo de archivo desconocido a una v\u00edctima. La causa principal de la vulnerabilidad radica en el hecho de que cuando se env\u00eda un frame de transferencia de payload de tipo FILE a Quick Share, el archivo que est\u00e1 contenido en este frame se escribe en el disco en la carpeta Descargas. Quickshare normalmente elimina archivos desconocidos, sin embargo, un atacante puede enviar dos frames de transferencia de payload de tipo FILE y el mismo ID de payload. La l\u00f3gica de eliminaci\u00f3n solo eliminar\u00e1 el primer archivo y no el segundo. Recomendamos actualizar la versi\u00f3n anterior a el commit 5d8b9156e0c339d82d3dab0849187e8819ad92c0 o Quick Share Windows v1.0.2002.2\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Green\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NO\",\"Recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"LOW\",\"providerUrgency\":\"GREEN\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:quick_share:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.2002.2\",\"matchCriteriaId\":\"8012A6BF-79EB-478C-AAA2-3F356DB2E9BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://github.com/google/nearby/pull/2892\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-10668\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-07T16:09:55.288390Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-07T16:09:49.138Z\"}}], \"cna\": {\"title\": \"Auth Bypass in Quickshare\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Or Yair with SafeBreach\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Shmuel Cohen with SafeBreach\"}], \"impacts\": [{\"capecId\": \"CAPEC-165\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-165 File Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 5.9, \"Automatable\": \"NO\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/AU:N/R:U/V:D/RE:L/U:Green\", \"providerUrgency\": \"GREEN\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/google/nearby\", \"vendor\": \"Google\", \"product\": \"Nearby\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5d8b9156e0c339d82d3dab0849187e8819ad92c0\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.0.2002.2\", \"versionType\": \"semver\"}], \"packageName\": \"Nearby\", \"collectionURL\": \"https://github.com/google/nearby\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-10-04T22:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/google/nearby/pull/2892\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim.\\u00a0The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit\\u00a05d8b9156e0c339d82d3dab0849187e8819ad92c0 or\\u00a0Quick Share Windows v1.0.2002.2\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim.\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThe root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit\u0026nbsp;5d8b9156e0c339d82d3dab0849187e8819ad92c0 or\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eQuick Share Windows v1.0.2002.2\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"shortName\": \"Google\", \"dateUpdated\": \"2024-11-21T10:32:45.723Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-10668\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-21T10:32:45.723Z\", \"dateReserved\": \"2024-11-01T10:03:03.149Z\", \"assignerOrgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"datePublished\": \"2024-11-07T15:22:24.280Z\", \"assignerShortName\": \"Google\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…