Home > Vulnerability Database > CVE-2021-21400

Mend.io Vulnerability Database

CVE-2021-21400

Good to know:

Date: April 2, 2021

wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programatically in version 2021-03-15-production.0.

Language: TYPE_SCRIPT

Severity Score

6.5

Related Resources (6)

Url: https://github.com/wireapp/wire-webapp/releases/tag/2021-03-15-production.0

Url: https://github.com/wireapp/wire-webapp/security/advisories/GHSA-cxwr-f2j3-q8hp

Url: https://github.com/wireapp/wire-webapp/commit/281f2a9d795f68abe423c116d5da4e1e73a60062

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-21400

Url: https://github.com/wireapp/wire-webapp/pull/10704

Url: https://www.mend.io/vulnerability-database/CVE-2021-21400

Severity Score

6.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version 2021-03-10-staging.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-21400

Good to know:

Date: April 2, 2021

Language: TYPE_SCRIPT

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?