CVE-2021-34421

EPSS 0.36%
Veröffentlicht 11.11.2021 23:15:09
Zuletzt bearbeitet 21.11.2024 06:10:22
Quelle security@zoom.us
CVE-Watchlists
Login
Unerledigt
Login

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Keybase ≫ Keybase Version5.8.0 SwPlatformandroid

Keybase ≫ Keybase Version5.8.0 SwPlatformiphone_os

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.572

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
security@zoom.us	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

https://explore.zoom.us/en/trust/security/security-bulletin

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34421

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34421

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34421

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-34421