VDB
CVE-2023-28686
CVE-2023-28686
PUBLISHED
CVSS 7.099999904632568 HIGH
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
EPSS 0.19% · 40.4th percentile
Risk Scores
CVSS v3.1
7.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
EPSS Score
0.19%
40.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a, n/a |
| debian | debian_linux | 11.0, 11.0, 12.0 |
| dino | dino | 0.3.0, 0.4.0, 0 |
| fedoraproject | fedora | 38, 37, 36 |
Timeline
- Mar 24, 2023 CVE Published
- Mar 24, 2023 EPSS Score
- Mar 24, 2023 PoC Published
- May 1, 2023 EPSS Score
- Jun 9, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Aug 24, 2023 EPSS Score
- Oct 2, 2023 EPSS Score
- Nov 9, 2023 EPSS Score
- Dec 17, 2023 EPSS Score
- Mar 3, 2024 EPSS Score
- Apr 10, 2024 EPSS Score
References
- https://dino.im/security/cve-2023-28686/ url
- DSA-5379 vendor-advisory
- FEDORA-2023-587d6a00c3 vendor-advisory
- FEDORA-2023-f003d8e633 vendor-advisory
- FEDORA-2023-ea6b94395f vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-28686 advisory
- https://dino.im/security/cve-2023-28686 url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQLCEUZS5GPHUQMS7C6W2NS3PHYUFHYF url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GOH6NYTLPM52MDIR2IRVUR3REDVWZV6N url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIWXAK656EHSRIRUHLPBE3AX2I4TMH7M url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQLCEUZS5GPHUQMS7C6W2NS3PHYUFHYF url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOH6NYTLPM52MDIR2IRVUR3REDVWZV6N url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIWXAK656EHSRIRUHLPBE3AX2I4TMH7M url