CVE-2020-12857Incomplete Cleanup in Covidsafe

CWE-459Incomplete Cleanup2 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 33.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Health Covidsafe
Timeline
PublishedMay 18

Description

Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDhealth/covidsafe< 1.0.17

🔴Vulnerability Details

1
CVEList
CVE-2020-12857: Caching of GATT characteristic values (TempID) in COVIDSafe v12020-05-18
CVE-2020-12857 — Incomplete Cleanup in Health Covidsafe | cvebase