CVE-2021-21400 Information

Jun 07, 2022 cve

Description

wire-webapp is an open-source front end for Wire a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0 when being prompted to enter the app-lock passphrase the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programatically in version 2021-03-15-production.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Reference

https://github.com/wireapp/wire-webapp/releases/tag/2021-03-15-production.0 https://github.com/wireapp/wire-webapp/commit/281f2a9d795f68abe423c116d5da4e1e73a60062 https://github.com/wireapp/wire-webapp/pull/10704 https://github.com/wireapp/wire-webapp/security/advisories/GHSA-cxwr-f2j3-q8hp

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5

Share on: