CVE-2023-28686
HIGH
Dino <0.2.3, 0.3.x <0.3.2, 0.4.x <0.4.2 - Info Disclosure
Title source: llm
Description
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
References (5)
Core References
Patch, Vendor Advisory
https://dino.im/security/cve-2023-28686/
Third Party Advisory vendor-advisory
https://www.debian.org/security/2023/dsa-5379
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIWXAK656EHSRIRUHLPBE3AX2I4TMH7M/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQLCEUZS5GPHUQMS7C6W2NS3PHYUFHYF/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GOH6NYTLPM52MDIR2IRVUR3REDVWZV6N/
Scores
CVSS v3
7.1
EPSS
0.0022
EPSS Percentile
44.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-639
Status
published
Products (7)
debian/debian_linux
10.0
debian/debian_linux
11.0
debian/debian_linux
12.0
dino/dino
< 0.2.3
fedoraproject/fedora
36
fedoraproject/fedora
37
fedoraproject/fedora
38
Published
Mar 24, 2023
Tracked Since
Feb 18, 2026