CVE-2020-24721

Опубликовано: 30 сент. 2020

Источник: nvd

CVSS3: 5.7

CVSS2: 3.3

EPSS Низкий

Описание

An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the persistent state of a private framework.

Ссылки

http://packetstormsecurity.com/files/159419/Corona-Exposure-Notifications-API-Data-Leakage.html
Third Party Advisory
VDB Entry
https://blog.google/inside-google/company-announcements/update-exposure-notifications
Vendor Advisory
https://github.com/minvws/nl-covid19-notification-app-coordination/blob/master/CVEs/CVE-2020-24721.txt
Third Party Advisory
https://seclists.org/fulldisclosure/2020/Sep/53
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/159419/Corona-Exposure-Notifications-API-Data-Leakage.html
Third Party Advisory
VDB Entry
https://blog.google/inside-google/company-announcements/update-exposure-notifications
Vendor Advisory
https://github.com/minvws/nl-covid19-notification-app-coordination/blob/master/CVEs/CVE-2020-24721.txt
Third Party Advisory
https://seclists.org/fulldisclosure/2020/Sep/53
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apple:exposure_notifications:*:*:*:*:*:iphone_os:*:*

Версия до 1.5 (включая)

cpe:2.3:a:google:exposure_notifications:*:*:*:*:*:android:*:*

Версия до 1.5 (включая)

EPSS

Процентиль: 22%

0.00074

Низкий

5.7 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-9pjj-6grx-8qjx

github

больше 3 лет назад

An issue was discovered in the GAEN (aka Google Apple Encounter Notification) protocol through 2020-08-27, as used in Corona applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or dis-proving an encounter notification.