CVE-2021-34421
low-risk
Published 2021-11-11
The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device.
Do I need to act?
-
0.36% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.7/10
Low
NETWORK
/ HIGH complexity
Affected Products (2)
Keybase
Keybase
Affected Vendors
References (2)
Third Party Advisory
https://explore.zoom.us/en/trust/security/security-bulletin
Third Party Advisory
https://explore.zoom.us/en/trust/security/security-bulletin
21
/ 100
low-risk
Severity
13/34 · Low
Exploitability
1/34 · Minimal
Exposure
7/34 · Low