5.5

CVE-2021-23827

Exploit

EPSS 0.04%
Veröffentlicht 23.02.2021 00:15:12
Zuletzt bearbeitet 21.11.2024 05:51:54
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Keybase ≫ Keybase Version < 5.6.0

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Keybase ≫ Keybase Version < 5.6.1

Redhat ≫ Linux Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.108

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://github.com/keybase/client/releases

Third Party Advisory

Release Notes

https://hackerone.com/reports/1074930

Third Party Advisory

Exploit

Issue Tracking

https://johnjhacking.com/blog/cve-2021-23827/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-23827

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-23827

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-23827

EUVD