Lucene search

GitHub_MCVELIST:CVE-2021-32665

HistoryJun 03, 2021 - 9:00 p.m.

CVE-2021-32665 Verified groups not reliable

2021-06-0321:00:12

CWE-345

GitHub_M

www.cve.org

wire-ios

conversation verification

bug

version 3.8.0

vulnerability

patched

workaround

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified. This occurs when: - Self user is added to a new conversation - Self user is added to an existing conversation - All the participants in the conversation were previously marked as verified. The vulnerability is patched in wire-ios version 3.8.1. As a workaround, one can unverify & verify a device in the conversation.

CNA Affected

[
  {
    "product": "wire-ios",
    "vendor": "wireapp",
    "versions": [
      {
        "status": "affected",
        "version": "<= 3.8.0"
      }
    ]
  }
]

References

github.com/wireapp/wire-ios-data-model/commit/bf9db85886b12a20c8374f55b7c4a610e8ae9220

github.com/wireapp/wire-ios/security/advisories/GHSA-mc65-7w99-c6qv

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

Related for CVELIST:CVE-2021-32665