Keybase Client For Windows
Approved changes feed: RSS · Atom
cpe:2.3:a:zoom_video_communications_inc:keybase_client_for_windows:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Zoom Video Communications Inc (35e29925-d897-5a03-b7c4-27ce30ad5789) |
|---|---|
| Product | Keybase Client For Windows (2f5b894e-ef81-5487-a42c-173d9b5152e3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-22779 |
vulnerable | 2026-06-03 14:46:25.491007 |
Retained exploded messages in Keybase clients for macOS and Windows
LOW (3.7)
The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user’s filesystem.
Published: 2022-02-09T22:05:15.143Z
Updated: 2024-09-17T00:05:46.594Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34426 |
vulnerable | 2026-06-03 14:44:45.002006 |
Arbitrary command execution in Keybase Client for Windows
MEDIUM (5.3)
A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user\'s Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user\'s local system.
Published: 2021-12-14T19:26:03.894Z
Updated: 2024-09-17T04:09:55.829Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34422 |
vulnerable | 2026-06-03 14:44:44.948762 |
Path traversal of file names in Keybase Client for Windows
HIGH (7.2)
The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution.
Published: 2021-11-11T22:58:22.996Z
Updated: 2024-09-17T03:12:21.549Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.