CVE-2021-21301

EPSS 0.37%
Veröffentlicht 11.02.2021 18:15:16
Zuletzt bearbeitet 21.11.2024 05:47:58
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wire ≫ Wire SwPlatformiphone_os Version < 3.75

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.583

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
security-advisories@github.com	2.6	1.2	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/wireapp/wire-ios/commit/7e3c30120066c9b10e50cc0d20012d0849c33a40

Patch

Third Party Advisory

https://github.com/wireapp/wire-ios/pull/4879

Patch

Third Party Advisory

https://github.com/wireapp/wire-ios/security/advisories/GHSA-7fg4-x8vj-qvxf

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21301

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21301

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21301

EUVD