Bug 772209 (CVE-2021-23827) - app-crypt/keybase: unnecessary storage of sensitive data (CVE-2021-23827)
Status: CONFIRMED
Alias: CVE-2021-23827
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://johnjhacking.com/blog/cve-202...
Whiteboard: ~4 [ebuild]
Reported: 2021-02-23 01:58 UTC by John Helmert III
Modified: 2021-07-29 18:12 UTC
Description John Helmert III gentoo-dev Security 2021-02-23 01:58:11 UTC
CVE-2021-23827:

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.


Fixed in 5.6.1. Please bump.
Comment 6 NATTkA bot gentoo-dev 2021-07-29 18:12:38 UTC
Package list is empty or all packages have requested keywords.