Stealing Downloads from Slack Users
https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63 [medium.com]
2019-05-18 02:30
The vulnerability could have allowed a remote attacker to submit a masqueraded link in a slack channel, that “if clicked” by a victim, would silently change the download location setting of the slack client to an attacker owned SMB share. This could have allowed all future downloaded documents by the victim to end up being uploaded to an attacker owned file server until the setting is manually changed back by the victim.
source: ars