← Back

CVE-2021-34421

nvd nist
Published: Nov 11, 2021Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device.

Affected (2)

Products: Keybase: Keybase
Keybase
1 product
Keybase
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Keybase
Keybase
Version 5.8.0
Keybase
Version 5.8.0

Related CWEs

CWE-459
Incomplete Cleanup
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

References (2)

Source: security@zoom.us
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.