CVE-2021-23827
N/A
N/A
Summary
Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/keybase/client/releases
- https://johnjhacking.com/blog/cve-2021-23827/
- https://hackerone.com/reports/1074930
References
- https://github.com/keybase/client/releases
- https://johnjhacking.com/blog/cve-2021-23827/
- https://hackerone.com/reports/1074930
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.