Vulnerability Description
wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when the user is prompted to enter the app-lock passphrase and does not actively give focus to the input field, the typed passphrase is sent into the most recently used chat. Version 2021-03-15-production.0 enforces input element focus programmatically.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wire | Wire-Webapp | <= 2019-07-11-13-18 |
Related Weaknesses (CWE)
References
- https://github.com/wireapp/wire-webapp/commit/281f2a9d795f68abe423c116d5da4e1e73 (Patch, Third Party Advisory)
- https://github.com/wireapp/wire-webapp/pull/10704 (Patch, Third Party Advisory)
- https://github.com/wireapp/wire-webapp/releases/tag/2021-03-15-production.0 (Release Notes, Third Party Advisory)
- https://github.com/wireapp/wire-webapp/security/advisories/GHSA-cxwr-f2j3-q8hp (Third Party Advisory)
FAQ
What is CVE-2021-21400?
CVE-2021-21400 is a vulnerability with a CVSS score of 7.1 (HIGH). wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the type...
How severe is CVE-2021-21400?
CVE-2021-21400 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-21400?
Check the references section above for vendor advisories and patch information. Affected products include: Wire Wire-Webapp.