CVE-2023-24069 Information

Description

Signal Desktop before 6.2.0 on Windows Linux and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases even after a self-initiated file deletion an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.)

Reference

https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/ https://signal.org/en/download/windows https://signal.org/download/linux https://signal.org/download/macos