CVE-2024-10668
Vulnerability from cvelistv5
Published
2024-11-07 15:22
Modified
2024-11-21 10:32
Severity ?
EPSS score ?
Summary
Auth Bypass in Quickshare
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-10668", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T16:09:55.288390Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T16:10:57.747Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/google/nearby", "defaultStatus": "unaffected", "packageName": "Nearby", "product": "Nearby", "repo": "https://github.com/google/nearby", "vendor": "Google", "versions": [ { "lessThan": "5d8b9156e0c339d82d3dab0849187e8819ad92c0", "status": "affected", "version": "0", "versionType": "git" }, { "lessThan": "1.0.2002.2", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Or Yair with SafeBreach" }, { "lang": "en", "type": "reporter", "value": "Shmuel Cohen with SafeBreach" } ], "datePublic": "2024-10-04T22:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit\u0026nbsp;5d8b9156e0c339d82d3dab0849187e8819ad92c0 or\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eQuick Share Windows v1.0.2002.2\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim.\u00a0The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit\u00a05d8b9156e0c339d82d3dab0849187e8819ad92c0 or\u00a0Quick Share Windows v1.0.2002.2" } ], "impacts": [ { "capecId": "CAPEC-165", "descriptions": [ { "lang": "en", "value": "CAPEC-165 File Manipulation" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 5.9, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/AU:N/R:U/V:D/RE:L/U:Green", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-21T10:32:45.723Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/google/nearby/pull/2892" } ], "source": { "discovery": "UNKNOWN" }, "title": "Auth Bypass in Quickshare", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2024-10668", "datePublished": "2024-11-07T15:22:24.280Z", "dateReserved": "2024-11-01T10:03:03.149Z", "dateUpdated": "2024-11-21T10:32:45.723Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-10668\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2024-11-07T16:15:16.923\",\"lastModified\":\"2024-11-08T19:01:03.880\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim.\u00a0The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit\u00a05d8b9156e0c339d82d3dab0849187e8819ad92c0 or\u00a0Quick Share Windows v1.0.2002.2\"},{\"lang\":\"es\",\"value\":\"Existe una omisi\u00f3n de autenticaci\u00f3n en Google Quickshare mediante la cual un atacante puede cargar un tipo de archivo desconocido a una v\u00edctima. La causa principal de la vulnerabilidad radica en el hecho de que cuando se env\u00eda un frame de transferencia de payload de tipo FILE a Quick Share, el archivo que est\u00e1 contenido en este frame se escribe en el disco en la carpeta Descargas. Quickshare normalmente elimina archivos desconocidos, sin embargo, un atacante puede enviar dos frames de transferencia de payload de tipo FILE y el mismo ID de payload. La l\u00f3gica de eliminaci\u00f3n solo eliminar\u00e1 el primer archivo y no el segundo. Recomendamos actualizar la versi\u00f3n anterior a el commit 5d8b9156e0c339d82d3dab0849187e8819ad92c0 o Quick Share Windows v1.0.2002.2\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Green\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"ACTIVE\",\"vulnerableSystemConfidentiality\":\"LOW\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"LOW\",\"subsequentSystemConfidentiality\":\"LOW\",\"subsequentSystemIntegrity\":\"HIGH\",\"subsequentSystemAvailability\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NO\",\"recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"LOW\",\"providerUrgency\":\"GREEN\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\"}}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"references\":[{\"url\":\"https://github.com/google/nearby/pull/2892\",\"source\":\"cve-coordination@google.com\"}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.