CVE-2018-17499
2.9
CVSS:3.0/AC:H/C:L/I:N/PR:N/A:N/AV:L/S:U/UI:N/RC:C/E:U/RL:O
Summary
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Envoy | Envoy Passport for iPhone | 2.2.5 | affected |
| Envoy | Envoy Passport for Android | 2.4.0 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.