Lucene search
HistoryApr 02, 2021 - 3:15 p.m.
CVE-2021-21400
wire-webapp
vulnerability
app-lock
passphrase
handling
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
46.4%
wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programatically in version 2021-03-15-production.0.
Affected configurations
Node
wirewire-webappRange≤2019-07-11-13-18
ORwirewire-webappMatch2019-02-11staging0
ORwirewire-webappMatch2019-02-11staging1
ORwirewire-webappMatch2019-02-11staging2
ORwirewire-webappMatch2019-02-13staging0
ORwirewire-webappMatch2019-02-18staging0
ORwirewire-webappMatch2019-02-27staging0
ORwirewire-webappMatch2019-02-28staging0
ORwirewire-webappMatch2019-02-28staging1
ORwirewire-webappMatch2019-03-05staging0
ORwirewire-webappMatch2019-03-07staging0
ORwirewire-webappMatch2019-03-11staging0
ORwirewire-webappMatch2019-03-13staging0
ORwirewire-webappMatch2019-03-13staging1
ORwirewire-webappMatch2019-03-20staging0
ORwirewire-webappMatch2019-03-25staging0
ORwirewire-webappMatch2019-03-25staging1
ORwirewire-webappMatch2019-03-28staging0
ORwirewire-webappMatch2019-03-28staging1
ORwirewire-webappMatch2019-04-08staging0
ORwirewire-webappMatch2019-04-11staging0
ORwirewire-webappMatch2019-04-18staging0
ORwirewire-webappMatch2019-04-23staging1
ORwirewire-webappMatch2019-04-25staging0
ORwirewire-webappMatch2019-04-29staging0
ORwirewire-webappMatch2019-05-14staging0
ORwirewire-webappMatch2019-05-15staging0
ORwirewire-webappMatch2019-05-31staging0
ORwirewire-webappMatch2019-06-04staging0
ORwirewire-webappMatch2019-06-20staging0
ORwirewire-webappMatch2019-06-24staging0
ORwirewire-webappMatch2019-06-25staging0
ORwirewire-webappMatch2019-06-26staging0
ORwirewire-webappMatch2019-07-01staging0
ORwirewire-webappMatch2019-07-30staging0
ORwirewire-webappMatch2019-08-01staging0
ORwirewire-webappMatch2019-08-14staging0
ORwirewire-webappMatch2019-08-19staging0
ORwirewire-webappMatch2019-08-21production0
ORwirewire-webappMatch2019-08-22production0
ORwirewire-webappMatch2019-08-22staging0
ORwirewire-webappMatch2019-08-27staging0
ORwirewire-webappMatch2019-09-02production0
ORwirewire-webappMatch2019-09-05staging0
ORwirewire-webappMatch2019-09-09staging0
ORwirewire-webappMatch2019-09-12staging0
ORwirewire-webappMatch2019-09-13staging0
ORwirewire-webappMatch2019-09-17production0
ORwirewire-webappMatch2019-09-18staging0
ORwirewire-webappMatch2019-09-23staging0
ORwirewire-webappMatch2019-09-24production0
ORwirewire-webappMatch2019-10-07staging0
ORwirewire-webappMatch2019-10-07staging1
ORwirewire-webappMatch2019-10-08staging0
ORwirewire-webappMatch2019-10-10staging0
ORwirewire-webappMatch2019-10-10staging1
ORwirewire-webappMatch2019-10-14staging0
ORwirewire-webappMatch2019-10-16production0
ORwirewire-webappMatch2019-10-16production1
ORwirewire-webappMatch2019-10-16staging0
ORwirewire-webappMatch2019-10-16staging1
ORwirewire-webappMatch2019-10-21staging0
ORwirewire-webappMatch2019-10-25staging0
ORwirewire-webappMatch2019-10-29staging0
ORwirewire-webappMatch2019-10-31staging0
ORwirewire-webappMatch2019-11-01production0
ORwirewire-webappMatch2019-11-08staging0
ORwirewire-webappMatch2019-11-12staging0
ORwirewire-webappMatch2019-11-19staging0
ORwirewire-webappMatch2019-11-21production0
ORwirewire-webappMatch2019-11-21staging0
ORwirewire-webappMatch2019-11-25staging0
ORwirewire-webappMatch2019-11-26production0
ORwirewire-webappMatch2019-12-12staging0
ORwirewire-webappMatch2019-12-20staging0
ORwirewire-webappMatch2020-01-06production0
ORwirewire-webappMatch2020-01-09staging0
ORwirewire-webappMatch2020-01-13production0
ORwirewire-webappMatch2020-01-15staging0
ORwirewire-webappMatch2020-01-16staging0
ORwirewire-webappMatch2020-01-17staging0
ORwirewire-webappMatch2020-01-21staging0
ORwirewire-webappMatch2020-01-22production0
ORwirewire-webappMatch2020-02-06staging0
ORwirewire-webappMatch2020-02-11staging0
ORwirewire-webappMatch2020-02-11staging1
ORwirewire-webappMatch2020-02-14production0
ORwirewire-webappMatch2020-02-18staging0
ORwirewire-webappMatch2020-02-20staging0
ORwirewire-webappMatch2020-02-24staging0
ORwirewire-webappMatch2020-02-26staging0
ORwirewire-webappMatch2020-02-28staging0
ORwirewire-webappMatch2020-03-03production0
ORwirewire-webappMatch2020-03-03staging0
ORwirewire-webappMatch2020-03-06staging0
ORwirewire-webappMatch2020-03-12staging0
ORwirewire-webappMatch2020-03-18staging0
ORwirewire-webappMatch2020-03-20staging0
ORwirewire-webappMatch2020-03-23production0
ORwirewire-webappMatch2020-03-30staging0
ORwirewire-webappMatch2020-04-01staging0
ORwirewire-webappMatch2020-04-07production0
ORwirewire-webappMatch2020-04-09staging0
ORwirewire-webappMatch2020-04-16staging0
ORwirewire-webappMatch2020-04-21production0
ORwirewire-webappMatch2020-04-22staging0
ORwirewire-webappMatch2020-04-23staging0
ORwirewire-webappMatch2020-04-28staging0
ORwirewire-webappMatch2020-04-29production0
ORwirewire-webappMatch2020-05-04staging0
ORwirewire-webappMatch2020-05-06staging0
ORwirewire-webappMatch2020-05-07production0
ORwirewire-webappMatch2020-05-07staging0
ORwirewire-webappMatch2020-05-13staging0
ORwirewire-webappMatch2020-05-14staging0
ORwirewire-webappMatch2020-05-15staging0
ORwirewire-webappMatch2020-05-18staging0
ORwirewire-webappMatch2020-05-19staging0
ORwirewire-webappMatch2020-05-20production0
ORwirewire-webappMatch2020-05-22staging0
ORwirewire-webappMatch2020-05-26staging0
ORwirewire-webappMatch2020-05-27staging0
ORwirewire-webappMatch2020-05-28staging0
ORwirewire-webappMatch2020-05-29staging0
ORwirewire-webappMatch2020-06-02production0
ORwirewire-webappMatch2020-06-05staging0
ORwirewire-webappMatch2020-06-08staging0
ORwirewire-webappMatch2020-06-10staging0
ORwirewire-webappMatch2020-06-12staging0
ORwirewire-webappMatch2020-06-15production0
ORwirewire-webappMatch2020-06-15staging0
ORwirewire-webappMatch2020-06-19staging0
ORwirewire-webappMatch2020-06-24production0
ORwirewire-webappMatch2020-06-29staging0
ORwirewire-webappMatch2020-07-07staging0
ORwirewire-webappMatch2020-07-07staging1
ORwirewire-webappMatch2020-07-13staging0
ORwirewire-webappMatch2020-07-16staging0
ORwirewire-webappMatch2020-07-24production0
ORwirewire-webappMatch2020-07-24staging0
ORwirewire-webappMatch2020-07-24staging1
ORwirewire-webappMatch2020-08-06staging0
ORwirewire-webappMatch2020-08-12staging0
ORwirewire-webappMatch2020-08-12staging1
ORwirewire-webappMatch2020-08-14staging0
ORwirewire-webappMatch2020-08-18staging0
ORwirewire-webappMatch2020-08-19staging0
ORwirewire-webappMatch2020-08-21staging0
ORwirewire-webappMatch2020-08-25staging0
ORwirewire-webappMatch2020-08-26production0
ORwirewire-webappMatch2020-09-02staging0
ORwirewire-webappMatch2020-09-03staging0
ORwirewire-webappMatch2020-09-04staging0
ORwirewire-webappMatch2020-09-08staging0
ORwirewire-webappMatch2020-09-11production0
ORwirewire-webappMatch2020-09-17staging0
ORwirewire-webappMatch2020-09-18staging0
ORwirewire-webappMatch2020-09-21production0
ORwirewire-webappMatch2020-09-28staging0
ORwirewire-webappMatch2020-09-29production0
ORwirewire-webappMatch2020-10-01staging0
ORwirewire-webappMatch2020-10-06staging0
ORwirewire-webappMatch2020-10-07production0
ORwirewire-webappMatch2020-10-07staging0
ORwirewire-webappMatch2020-10-08production0
ORwirewire-webappMatch2020-10-14staging0
ORwirewire-webappMatch2020-10-15staging0
ORwirewire-webappMatch2020-10-21staging0
ORwirewire-webappMatch2020-10-21staging1
ORwirewire-webappMatch2020-10-26staging0
ORwirewire-webappMatch2020-10-27staging0
ORwirewire-webappMatch2020-10-28production0
ORwirewire-webappMatch2020-11-09production0
ORwirewire-webappMatch2020-11-30production0
ORwirewire-webappMatch2020-11-30staging0
ORwirewire-webappMatch2020-12-10staging0
ORwirewire-webappMatch2020-12-14production0
ORwirewire-webappMatch2021-01-18production0
ORwirewire-webappMatch2021-01-18staging1
ORwirewire-webappMatch2021-01-27staging0
ORwirewire-webappMatch2021-02-02production0
ORwirewire-webappMatch2021-02-03staging0
ORwirewire-webappMatch2021-02-04staging0
ORwirewire-webappMatch2021-02-15staging0
ORwirewire-webappMatch2021-02-17production0
ORwirewire-webappMatch2021-02-18staging0
ORwirewire-webappMatch2021-02-22staging1
ORwirewire-webappMatch2021-02-26staging0
ORwirewire-webappMatch2021-03-04production0
ORwirewire-webappMatch2021-03-05staging0
ORwirewire-webappMatch2021-03-10staging0
ORwirewire-webappMatch2021-03-15production0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wire | wire-webapp | * | cpe:2.3:a:wire:wire-webapp:*:*:*:*:*:*:*:* |
| wire | wire-webapp | 2019-02-11 | cpe:2.3:a:wire:wire-webapp:2019-02-11:staging0:*:*:*:*:*:* |
| wire | wire-webapp | 2019-02-11 | cpe:2.3:a:wire:wire-webapp:2019-02-11:staging1:*:*:*:*:*:* |
| wire | wire-webapp | 2019-02-11 | cpe:2.3:a:wire:wire-webapp:2019-02-11:staging2:*:*:*:*:*:* |
| wire | wire-webapp | 2019-02-13 | cpe:2.3:a:wire:wire-webapp:2019-02-13:staging0:*:*:*:*:*:* |
| wire | wire-webapp | 2019-02-18 | cpe:2.3:a:wire:wire-webapp:2019-02-18:staging0:*:*:*:*:*:* |
| wire | wire-webapp | 2019-02-27 | cpe:2.3:a:wire:wire-webapp:2019-02-27:staging0:*:*:*:*:*:* |
| wire | wire-webapp | 2019-02-28 | cpe:2.3:a:wire:wire-webapp:2019-02-28:staging0:*:*:*:*:*:* |
| wire | wire-webapp | 2019-02-28 | cpe:2.3:a:wire:wire-webapp:2019-02-28:staging1:*:*:*:*:*:* |
| wire | wire-webapp | 2019-03-05 | cpe:2.3:a:wire:wire-webapp:2019-03-05:staging0:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2021-21400 Entering code in App Lock modal sends input to conversation
2021-04-02 14:50:13
cve
cve
CVE-2021-21400
2021-04-02 15:15:13
prion
prion
Input validation
2021-04-02 15:15:00
osv
osv
CVE-2021-21400
2021-04-02 15:15:13
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
46.4%
Related for NVD:CVE-2021-21400