Lucene search

K
cve[email protected]CVE-2021-34421
HistoryNov 12, 2021 - 12:00 a.m.

CVE-2021-34421

2021-11-1200:00:00
CWE-459
web.nvd.nist.gov
27
2
keybase
client
android
ios
version 5.8.0
exploded messages
disclosure
sensitive information
nvd
cve-2021-34421

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

31.3%

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer’s device.

Affected configurations

NVD
Node
keybasekeybaseMatch5.8.0android
OR
keybasekeybaseMatch5.8.0iphone_os
CPENameOperatorVersion
keybase:keybasekeybaseeq5.8.0

CNA Affected

[
  {
    "product": "Keybase Client for Android ",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.8.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Keybase Client for iOS",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.8.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

31.3%

Related for CVE-2021-34421