The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature.
{"id": "CVE-2021-33840", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-33840", "description": "The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature.", "published": "2021-06-04T00:15:00", "modified": "2021-06-07T18:29:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33840", "reporter": "cve@mitre.org", "references": ["https://luca-app.de/securityoverview/processes/guest_registration.html#verifying-the-contact-data", "https://gitlab.com/lucaapp/web/-/issues/1#note_560963608"], "cvelist": ["CVE-2021-33840"], "immutableFields": [], "lastseen": "2022-03-23T18:39:06", "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "githubexploit", "idList": ["7407E081-4DB0-50D7-AC00-42DC86BACF6D"]}], "rev": 4}, "score": {"value": 5.5, "vector": "NONE"}, "twitter": {"counter": 8, "modified": "2021-06-05T07:38:33", 
"tweets": [{"link": "https://twitter.com/threatintelctr/status/1401969819394711556", "text": " NEW: CVE-2021-33840 The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signatur... (click for more) Severity: HIGH https://t.co/ZBSeAF1H8J?amp=1"}, {"link": "https://twitter.com/threatmeter/status/1401436267867303936", "text": "CVE-2021-33840 The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature. (CVSS:0.0) (Last Update:2021-06-04) https://t.co/7pgDlzsPzQ?amp=1"}, {"link": "https://twitter.com/threatmeter/status/1401436267867303936", "text": "CVE-2021-33840 The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature. (CVSS:0.0) (Last Update:2021-06-04) https://t.co/7pgDlzsPzQ?amp=1"}, 
{"link": "https://twitter.com/www_sesin_at/status/1401948397876264967", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-33840) has been published on https://t.co/yLNt4LgHWU?amp=1"}, {"link": "https://twitter.com/tfoale/status/1401944983339474950", "text": "CVE-2021-33840 https://t.co/ZxZC5G7Klt?amp=1 - latest /hashtag/security?src=hashtag_click /hashtag/vulnerabilities?src=hashtag_click /hashtag/cyber?src=hashtag_click"}, {"link": "https://twitter.com/WolfgangSesin/status/1402008779248574466", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-33840 (luca)) has been published on https://t.co/SVwi4nyBPT?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1401948396722831362", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-33840) has been published on https://t.co/uv8LL3wUsX?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1402008781664440326", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-33840 (luca)) has been published on https://t.co/s1KLur0E1G?amp=1"}]}, "backreferences": {"references": [{"type": "githubexploit", "idList": ["7407E081-4DB0-50D7-AC00-42DC86BACF6D"]}]}, "exploitation": null, "vulnersScore": 5.5}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:luca-app:luca:1.1.14"], "cpe23": ["cpe:2.3:a:luca-app:luca:1.1.14:*:*:*:*:android:*:*"], "cwe": ["CWE-400"], "affectedSoftware": [{"cpeName": "luca-app:luca", "version": "1.1.14", "operator": "le", "name": "luca-app luca"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:luca-app:luca:1.1.14:*:*:*:*:android:*:*", "versionEndIncluding": "1.1.14", "cpe_name": []}]}]}, "extraReferences": [{"url": 
"https://luca-app.de/securityoverview/processes/guest_registration.html#verifying-the-contact-data", "name": "https://luca-app.de/securityoverview/processes/guest_registration.html#verifying-the-contact-data", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "https://gitlab.com/lucaapp/web/-/issues/1#note_560963608", "name": "https://gitlab.com/lucaapp/web/-/issues/1#note_560963608", "refsource": "MISC", "tags": ["Third Party Advisory"]}]}