CVE-2021-21400

MEDIUM | CVSS 6.5/10 | EPSS 1.12%

CVE-2021-21400 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. EPSS estimates a 1.12% chance of exploitation in the next 30 days.

Description

wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programmatically in version 2021-03-15-production.0.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Probability
1.12%

62.0th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor  Product      Versions               Update
Wire    Wire-Webapp  <= 2019-07-11-13-18
Wire    Wire-Webapp  2019-02-11             Staging0
Wire    Wire-Webapp  2019-02-13             Staging0
Wire    Wire-Webapp  2019-02-18             Staging0
Wire    Wire-Webapp  2019-02-27             Staging0
Wire    Wire-Webapp  2019-02-28             Staging0
Wire    Wire-Webapp  2019-03-05             Staging0
Wire    Wire-Webapp  2019-03-07             Staging0
Wire    Wire-Webapp  2019-03-11             Staging0
Wire    Wire-Webapp  2019-03-13             Staging0
Wire    Wire-Webapp  2019-03-20             Staging0
Wire    Wire-Webapp  2019-03-25             Staging0
Wire    Wire-Webapp  2019-03-28             Staging0
Wire    Wire-Webapp  2019-04-08             Staging0
Wire    Wire-Webapp  2019-04-11             Staging0
Wire    Wire-Webapp  2019-04-18             Staging0
Wire    Wire-Webapp  2019-04-23             Staging1
Wire    Wire-Webapp  2019-04-25             Staging0
Wire    Wire-Webapp  2019-04-29             Staging0
Wire    Wire-Webapp  2019-05-14             Staging0
Wire    Wire-Webapp  2019-05-15             Staging0
Wire    Wire-Webapp  2019-05-31             Staging0
Wire    Wire-Webapp  2019-06-04             Staging0
Wire    Wire-Webapp  2019-06-20             Staging0
Wire    Wire-Webapp  2019-06-24             Staging0
Wire    Wire-Webapp  2019-06-25             Staging0
Wire    Wire-Webapp  2019-06-26             Staging0
Wire    Wire-Webapp  2019-07-01             Staging0
Wire    Wire-Webapp  2019-07-30             Staging0
Wire    Wire-Webapp  2019-08-01             Staging0
Wire    Wire-Webapp  2019-08-14             Staging0
Wire    Wire-Webapp  2019-08-19             Staging0
Wire    Wire-Webapp  2019-08-21             Production0
Wire    Wire-Webapp  2019-08-22             Production0
Wire    Wire-Webapp  2019-08-27             Staging0
Wire    Wire-Webapp  2019-09-02             Production0
Wire    Wire-Webapp  2019-09-05             Staging0
Wire    Wire-Webapp  2019-09-09             Staging0
Wire    Wire-Webapp  2019-09-12             Staging0
Wire    Wire-Webapp  2019-09-13             Staging0
Wire    Wire-Webapp  2019-09-17             Production0
Wire    Wire-Webapp  2019-09-18             Staging0
Wire    Wire-Webapp  2019-09-23             Staging0
Wire    Wire-Webapp  2019-09-24             Production0
Wire    Wire-Webapp  2019-10-07             Staging0
Wire    Wire-Webapp  2019-10-08             Staging0
Wire    Wire-Webapp  2019-10-10             Staging0
Wire    Wire-Webapp  2019-10-14             Staging0
Wire    Wire-Webapp  2019-10-16             Production0
Wire    Wire-Webapp  2019-10-21             Staging0

Showing 50 of 167 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2021-21400?
wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programmatically in version 2021-03-15-production.0.
How severe is CVE-2021-21400?
CVE-2021-21400 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 1.12% probability of exploitation in the next 30 days.
How do I fix CVE-2021-21400?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST