Описание
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:keybase:keybase:2.13.2:*:*:*:*:iphone_os:*:*
EPSS
Процентиль: 36%
0.00148
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-347
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation.
EPSS
Процентиль: 36%
0.00148
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-347