wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programatically in version 2021-03-15-production.0.
References
Link | Resource |
---|---|
https://github.com/wireapp/wire-webapp/commit/281f2a9d795f68abe423c116d5da4e1e73a60062 | Patch Third Party Advisory |
https://github.com/wireapp/wire-webapp/pull/10704 | Patch Third Party Advisory |
https://github.com/wireapp/wire-webapp/releases/tag/2021-03-15-production.0 | Release Notes Third Party Advisory |
https://github.com/wireapp/wire-webapp/security/advisories/GHSA-cxwr-f2j3-q8hp | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Apr 2021, 12:57
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/wireapp/wire-webapp/commit/281f2a9d795f68abe423c116d5da4e1e73a60062 - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/wireapp/wire-webapp/security/advisories/GHSA-cxwr-f2j3-q8hp - Third Party Advisory | |
References | (MISC) https://github.com/wireapp/wire-webapp/pull/10704 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/wireapp/wire-webapp/releases/tag/2021-03-15-production.0 - Release Notes, Third Party Advisory | |
CWE | CWE-200 | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.5 |
CPE | cpe:2.3:a:wire:wire-webapp:2019-06-25:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-01-09:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-09-18:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-11-30:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-02-28:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-07-01:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-02-04:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-06:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-04-23:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-09-17:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-06-15:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-09-04:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-07:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-07:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-09-21:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-10-14:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-07-24:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-01-18:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-10-27:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-09-05:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-04:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-02-22:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-06-12:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-08-14:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-03-11:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-04-29:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-08-14:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-08-22:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-07-16:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-11-26:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-16:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-03-03:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-10-28:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-04-23:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-02-26:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-06-15:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-07-30:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-02-17:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-07:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-08-21:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-03-25:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-02-13:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-14:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-01-06:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-02-11:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-02-11:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-02-11:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-08-22:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-11-08:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-29:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-04-11:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-07-07:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-09-24:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-12-12:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-10-15:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-08-19:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-28:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-08-12:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-16:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-02-26:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-16:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-08-19:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-01-21:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-06-05:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-08-12:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-11-19:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-02-02:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-06-19:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-11-25:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-08-26:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-03-10:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-04-01:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:*:*:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-09-09:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-09-13:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-08-06:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-01-17:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-04-29:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-01-22:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-09-29:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-07-24:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-03-13:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-11-01:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-04-16:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-09-28:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-29:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-08-27:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-03-12:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-09-18:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-18:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-14:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-03-07:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-02-28:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-02-18:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-07-24:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-06-26:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-03-25:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-11-12:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-25:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-06-20:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-12-20:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-02-24:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-11-30:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-03-20:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-09-11:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-07-13:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-08:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-03-13:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-06-02:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-03-04:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-03-23:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-12-14:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-02-11:staging2:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-02-11:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-03-30:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-04-18:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-03-18:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-03-28:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-20:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-01-15:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-06-24:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-05-15:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-02-06:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-08-25:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-01-27:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-04-09:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-09-02:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-09-17:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-02-14:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-27:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-01-18:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-04-28:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-01-13:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-11-09:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-06-08:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-08-18:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-09-02:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-04-22:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-02-15:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-10-08:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-16:production1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-09-08:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-10-26:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-02-27:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-22:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-03-15:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-06-04:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-03-05:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-02-18:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-02-28:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-03-03:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-03-20:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-07:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-26:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-04-25:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-02-18:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-04-08:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-12-10:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-10-21:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-09-23:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-03-06:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-06-24:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-05-31:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-09-03:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-10-07:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-21:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-10-06:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-10:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-10:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-08-01:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-04-21:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-03-05:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-08-21:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-13:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-10-21:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-10-31:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-04-07:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-06-29:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2021-02-03:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-11-21:production0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-10-01:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-06-10:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-05-14:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-03-28:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-15:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-05-19:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-07-07:staging1:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-10-07:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-01-16:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-09-12:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2020-02-20:staging0:*:*:*:*:*:* cpe:2.3:a:wire:wire-webapp:2019-11-21:staging0:*:*:*:*:*:* |
02 Apr 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-02 15:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-21400
Mitre link : CVE-2021-21400
CVE.ORG link : CVE-2021-21400
JSON object : View
Products Affected
wire
- wire-webapp
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor