WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.

Related CVEs

CVE-2022-29835

Key Information

GHSA ID

GHSA-89v6-g7j9-xj43

Published

September 20, 2022 12:00 AM

Last Modified

September 23, 2022 12:00 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 14, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.