CVE-2020-15258

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-15258
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15258.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-15258
Related
  • GHSA-5gpx-9976-ggpm
Published
2020-10-16T17:15:12Z
Modified
2025-01-08T10:28:23.099312Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

In Wire before 3.20.x, shell.openExternal was used without checking the URL. This vulnerability allows an attacker to execute code on the victim's machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks whether the URL's protocol is common. If it is common, the URL is opened externally. If not, the URL is not opened and a warning informs the user that a probably insecure URL was blocked from being executed. The issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory.
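A sketch of the kind of protocol check described above, as an added example that is not Wire's own code. The function names, the contents of the allowlist and the reason strings are assumptions; `opener` stands in for a call to Electron's shell.openExternal and `warn` for the user-facing warning.

```javascript
// Assumed allowlist: the advisory only says "common" protocols are permitted.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:', 'mailto:']);

// Parse the link with the WHATWG URL parser and decide whether it may be
// handed to the operating system. The parser lowercases the scheme, so
// mixed-case schemes cannot slip past the comparison.
function classifyUrl(rawUrl) {
  if (typeof rawUrl !== 'string') {
    return {allowed: false, reason: 'not-a-string'};
  }
  let parsed;
  try {
    parsed = new URL(rawUrl.trim());
  } catch {
    // Relative or malformed input has no scheme to check: fail closed.
    return {allowed: false, reason: 'unparseable'};
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return {allowed: false, reason: `blocked-protocol ${parsed.protocol}`};
  }
  // Return the normalized form so the opener sees exactly what was checked.
  return {allowed: true, href: parsed.href};
}

// Gate in front of the external opener. In an Electron main process the
// opener would wrap shell.openExternal (assumption: injected here so the
// check can be exercised without Electron).
function openExternalSafely(rawUrl, opener, warn) {
  const verdict = classifyUrl(rawUrl);
  if (!verdict.allowed) {
    warn(rawUrl, verdict.reason); // tell the user the link was blocked
    return false;
  }
  opener(verdict.href);
  return true;
}
```

The check is an allowlist rather than a blocklist, so a scheme registered by some other application on the victim's machine is rejected by default.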

References

Affected packages

Git / github.com/wireapp/wire-desktop

Affected ranges

Type
GIT
Repo
https://github.com/wireapp/wire-desktop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.0.0

linux/3.*

linux/3.10.2904
linux/3.11.2912
linux/3.12.2916
linux/3.16.2923
linux/3.17.2924
linux/3.18.2925
linux/3.19.2928
linux/3.5.2881
linux/3.6.2885
linux/3.7.2891
linux/3.8.2894
linux/3.9.2895

macos/2.*

macos/2.15.2750

Other

macos/2907
release/2883
release/2899

macos/3.*

macos/3.10.3133
macos/3.10.3215
macos/3.12.3490
macos/3.16.3630
macos/3.17.3666
macos/3.18.3728
macos/3.19.3799
macos/3.6.2923
macos/3.7.2930
macos/3.8.2940
macos/3.9.2943

release/2.*

release/2.10.2650
release/2.10.2651
release/2.10.2653
release/2.10.2654
release/2.11.2655
release/2.11.2656
release/2.11.2657
release/2.11.2658
release/2.11.2659
release/2.11.2660
release/2.11.2661
release/2.11.2662
release/2.11.2663
release/2.11.2664
release/2.11.2665
release/2.11.2666
release/2.11.2667
release/2.11.2668
release/2.11.2669
release/2.11.2670
release/2.11.2671
release/2.11.2672
release/2.11.2673
release/2.11.2674
release/2.11.2675
release/2.11.2676
release/2.11.2677
release/2.11.2678
release/2.11.2679
release/2.11.2680
release/2.11.2681
release/2.11.2682
release/2.11.2683
release/2.11.2684
release/2.11.2685
release/2.11.2686
release/2.11.2687
release/2.11.2688
release/2.11.2689
release/2.11.2690
release/2.11.2691
release/2.11.2692
release/2.11.2693
release/2.11.2694
release/2.11.2695
release/2.11.2696
release/2.11.2697
release/2.11.2698
release/2.11.2699
release/2.11.2700
release/2.11.2701
release/2.11.2702
release/2.11.2703
release/2.11.2704
release/2.11.2705
release/2.11.2706
release/2.11.2707
release/2.11.2708
release/2.11.2709
release/2.11.2710
release/2.11.2711
release/2.11.2712
release/2.11.2713
release/2.11.2714
release/2.11.2715
release/2.11.2716
release/2.11.2717
release/2.11.2718
release/2.11.2719
release/2.11.2720
release/2.11.2721
release/2.11.2722
release/2.11.2723
release/2.12.2725
release/2.12.2726
release/2.12.2727
release/2.12.2728
release/2.12.2729
release/2.13.2724
release/2.13.2730
release/2.13.2731
release/2.13.2732
release/2.13.2733
release/2.13.2734
release/2.13.2735
release/2.13.2736
release/2.13.2737
release/2.13.2738
release/2.13.2739
release/2.13.2740
release/2.13.2741
release/2.13.2742
release/2.14.2743
release/2.14.2744
release/2.15.2745
release/2.15.2746
release/2.15.2747
release/2.15.2748
release/2.15.2749
release/2.15.2750
release/2.15.2751
release/2.16.2806
release/2.17.2808
release/2.17.2813
release/2.9.2644
release/2.9.2645
release/2.9.2646
release/2.9.2647
release/2.9.2648
release/2.9.2649

release/3.*

release/3.0.2814
release/3.0.2816
release/3.0.2828
release/3.1.2822
release/3.2.2840
release/3.2.2860
release/3.3.2862
release/3.3.2868
release/3.3.2872
release/3.4.2879
release/3.4.2883
release/3.4.2885

windows/3.*

windows/3.10.3138
windows/3.11.3259
windows/3.12.3423
windows/3.16.3562
windows/3.17.3598
windows/3.18.3660
windows/3.19.3731
windows/3.5.2899
windows/3.6.2908
windows/3.7.2917
windows/3.8.2927
windows/3.9.2928