Vulnerability Description
The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fail to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information that was meant to be deleted from the customer's device.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Keybase | Keybase | 5.8.0 |
Related Weaknesses (CWE)
References
- https://explore.zoom.us/en/trust/security/security-bulletin (Third Party Advisory)
FAQ
What is CVE-2021-34421?
CVE-2021-34421 is a vulnerability with a CVSS score of 3.7 (LOW). The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fail to properly remove exploded messages initiated by a user if the receiving user places the ...
How severe is CVE-2021-34421?
CVE-2021-34421 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-34421?
Check the references section above for vendor advisories and patch information. Affected products include: Keybase Keybase.