Retained exploded messages in Keybase clients for macOS and Windows

Bulletin: ZSB-22001
CVEID: CVE-2022-22779
CVSS Severity: Low
CVSS Score: 3.7
CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Description:

The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user’s filesystem.

Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates from https://keybase.io/download.

Affected Products:

All Keybase Clients for macOS and Windows before version 5.9.0

Source:

Reported by Olivia O'Hara

Revision	Date	Description
1.0	02/08/2022	Initial Publication

Retained exploded messages in Keybase clients for macOS and Windows

Subscribe for updates