Tenable Research discovered a download hijack vulnerability in Slack Desktop version 3.3.7 for Windows. The flaw, found by Tenable Researcher David Wells, could have allowed an attacker to alter where files downloaded within Slack are stored. This vulnerability, which has been patched, would have allowed an attacker to post a crafted hyperlink into a Slack channel or private conversation that changes the document download location path when clicked. It does require user interaction to exploit, giving it a CVSSv2 score of 5.5 (Medium). Tenable worked with Slack via HackerOne based on our coordinated disclosure policy, and Slack has since released a new version of its Windows desktop client to address this vulnerability. Users should ensure their Slack desktop application is up to date.