CVE-2021-27549

Опубликовано: 22 фев. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen

Ссылки

https://docs.genymotion.com/desktop/latest/02_Application.html
Release Notes
Vendor Advisory
https://github.com/eybisi/misc/tree/main/clipwatch
Product
https://twitter.com/0xabc0/status/1363788023956185090
Third Party Advisory
https://twitter.com/0xabc0/status/1363855602477387783
Third Party Advisory
https://twitter.com/0xabc0/status/1363856804602671104
Third Party Advisory
https://www.genymotion.com/download/
Product
https://www.youtube.com/watch?v=Tod8Q6sf0P8
Exploit
Third Party Advisory
https://docs.genymotion.com/desktop/latest/02_Application.html
Release Notes
Vendor Advisory
https://github.com/eybisi/misc/tree/main/clipwatch
Product
https://twitter.com/0xabc0/status/1363788023956185090
Third Party Advisory
https://twitter.com/0xabc0/status/1363855602477387783
Third Party Advisory
https://twitter.com/0xabc0/status/1363856804602671104
Third Party Advisory
https://www.genymotion.com/download/
Product
https://www.youtube.com/watch?v=Tod8Q6sf0P8
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:genymobile:genymotion_desktop:*:*:*:*:*:-:*:*

Версия до 3.2.0 (включая)

EPSS

Процентиль: 44%

0.00216

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-312

Связанные уязвимости

GHSA-mxrq-2vqc-2jh4