CVE-2022-22779 LOW

CVE-2022-22779: Retained exploded messages in Keybase clients for macOS and Windows

Vendor: Zoom Video Communications Inc
Product: Keybase Client for macOS
Published: February 9, 2022
Last update: September 17, 2024

CVSS base score

3.7/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

The Keybase clients for macOS and Windows before version 5.9.0 fail to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information that was meant to be deleted from a user’s filesystem.

Key dates

02 Disclosure timeline

February 9, 2022: CVE published
September 17, 2024: Record updated