CVE-2023-32546

Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
jpcertCNA
---
---
CVEADP
---
---
CISA-ADPADP
4.4 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
chatworkchatwork
𝑥
≤ 2.6.43
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://go.chatwork.com/ja/download/
https://jvn.jp/en/jp/JVN96828492/
https://go.chatwork.com/ja/download/
https://jvn.jp/en/jp/JVN96828492/