Lucene search

K
cve[email protected]CVE-2018-17499
HistoryMar 21, 2019 - 4:00 p.m.

CVE-2018-17499

2019-03-2116:00:26
CWE-532
CWE-312
web.nvd.nist.gov
21
cve-2018-17499
envoy passport
android
iphone
sensitive information
vulnerability
api keys
token
nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.

Affected configurations

Vulners
NVD
Node
envoypassportMatch2.2.5
OR
envoypassportMatch2.4.0
VendorProductVersionCPE
envoypassport2.2.5cpe:2.3:a:envoy:passport:2.2.5:*:*:*:*:*:*:*
envoypassport2.4.0cpe:2.3:a:envoy:passport:2.4.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Envoy Passport for iPhone",
    "vendor": "Envoy",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.5"
      }
    ]
  },
  {
    "product": "Envoy Passport for Android",
    "vendor": "Envoy",
    "versions": [
      {
        "status": "affected",
        "version": "2.4.0"
      }
    ]
  }
]

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

Related for CVE-2018-17499