← Zuruck zu CVEs
CVE-2021-21400
HIGH7.1
Beschreibung
wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programatically in version 2021-03-15-production.0.
CVE Details
CVSS v3.1 Bewertung7.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht4/2/2021
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
wire:wire-webapp
Schwachen (CWE)
CWE-200CWE-200
Referenzen
https://github.com/wireapp/wire-webapp/commit/281f2a9d795f68abe423c116d5da4e1e73a60062(security-advisories@github.com)
https://github.com/wireapp/wire-webapp/pull/10704(security-advisories@github.com)
https://github.com/wireapp/wire-webapp/releases/tag/2021-03-15-production.0(security-advisories@github.com)
https://github.com/wireapp/wire-webapp/security/advisories/GHSA-cxwr-f2j3-q8hp(security-advisories@github.com)
https://github.com/wireapp/wire-webapp/commit/281f2a9d795f68abe423c116d5da4e1e73a60062(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/wireapp/wire-webapp/pull/10704(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/wireapp/wire-webapp/releases/tag/2021-03-15-production.0(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/wireapp/wire-webapp/security/advisories/GHSA-cxwr-f2j3-q8hp(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.