CVE-2021-33839

Опубликовано: 04 июн. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting.

Ссылки

https://github.com/mame82/misc/blob/master/luca_traceIds.md
Third Party Advisory
https://luca-app.de/securityoverview/properties/objectives.html
Vendor Advisory
https://twitter.com/patrick_hennig/status/1387738281757061125
Third Party Advisory
https://youtu.be/jWyDfEB0m08
Exploit
Third Party Advisory
https://github.com/mame82/misc/blob/master/luca_traceIds.md
Third Party Advisory
https://luca-app.de/securityoverview/properties/objectives.html
Vendor Advisory
https://twitter.com/patrick_hennig/status/1387738281757061125
Third Party Advisory
https://youtu.be/jWyDfEB0m08
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:luca-app:luca:*:*:*:*:*:android:*:*

Версия до 1.7.4 (включая)

EPSS

Процентиль: 84%

0.02088

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-x4jr-cxw4-2x5h

github

больше 3 лет назад