CVE-2021-34421 LOW

CVE-2021-34421: Retained exploded messages in Keybase Clients for Android and iOS

Vendor: Zoom Video Communications Inc
Product: Keybase Client for Android
Published: November 11, 2021
Last update: September 17, 2024

CVSS base score

3.7/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fail to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device.

Key dates

02 Disclosure timeline

November 11, 2021: CVE published
September 17, 2024: Record updated