Tenable Researcher David Wells discovered a download hijack vulnerability in Slack Desktop version 3.3.7 for Windows that could have allowed an attacker to alter where files downloaded within Slack are stored. This vulnerability, which has been patched, would have allowed an attacker to post a crafted hyperlink into a Slack channel or private conversation that changes the document download location path when clicked. It does require user interaction to exploit, giving it a CVSSv2 score of 5.5 (Medium). Tenable worked with Slack via HackerOne based on our coordinated disclosure policy, and Slack has since released a new version of its Windows desktop client to address this vulnerability. Users should ensure their Slack desktop application is up to date.