CVE-2021-26833 - Vulnerability Details - OpenCVE

ReportizFlow

Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Timelybills	Timelybills

Configuration 1 [-]

OR	cpe:2.3:a:timelybills:timelybills::::::iphone_os::*
	cpe:2.3:a:timelybills:timelybills::::::android::*

No data.

References

Link	Providers
https://beefaaubee.medium.com/cve-2021-26833-cleartext-storage-in-a-file-or-on-disk-in-timelybills-1-7-0-5760dc461bd0

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-06T15:46:01

Updated: 2024-08-03T20:33:41.002Z

Reserved: 2021-02-05T00:00:00

Link: CVE-2021-26833

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-04-06T16:15:16.457

Modified: 2024-11-21T05:56:52.827

Link: CVE-2021-26833

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-04-05T00:00:00", "descriptions": [{"lang": "en", "value": "Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-06T16:49:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://beefaaubee.medium.com/cve-2021-26833-cleartext-storage-in-a-file-or-on-disk-in-timelybills-1-7-0-5760dc461bd0"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2021-26833", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://beefaaubee.medium.com/cve-2021-26833-cleartext-storage-in-a-file-or-on-disk-in-timelybills-1-7-0-5760dc461bd0", "refsource": "MISC", "url": "https://beefaaubee.medium.com/cve-2021-26833-cleartext-storage-in-a-file-or-on-disk-in-timelybills-1-7-0-5760dc461bd0"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:33:41.002Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://beefaaubee.medium.com/cve-2021-26833-cleartext-storage-in-a-file-or-on-disk-in-timelybills-1-7-0-5760dc461bd0"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-26833", "datePublished": "2021-04-06T15:46:01", "dateReserved": "2021-02-05T00:00:00", "dateUpdated": "2024-08-03T20:33:41.002Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:timelybills:timelybills:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "A6EBEB96-942E-4243-B4BC-951D4E2B2FF8", "versionEndIncluding": "1.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:timelybills:timelybills:*:*:*:*:*:android:*:*", "matchCriteriaId": "242D7848-F6A0-4AF2-BA95-F2F7EAA3609C", "versionEndIncluding": "1.21.115", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted."}, {"lang": "es", "value": "Un almacenamiento de texto sin cifrar en un archivo o en disco en TimelyBills versiones anteriores a 1.7.0 incluy\u00e9ndola para iOS y versiones anteriores a 1.21.115 incluy\u00e9ndola para Android, permite a un atacante que puede leer localmente los archivos del usuario obtener tokens JWT para la cuenta del usuario debido a mecanismos de limpieza de cach\u00e9 insuficientes. Un actor de amenazas puede obtener datos confidenciales del usuario al decodificar los tokens, ya que JWT est\u00e1 firmado y codificado, no cifrado"}], "id": "CVE-2021-26833", "lastModified": "2024-11-21T05:56:52.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2021-04-06T16:15:16.457", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://beefaaubee.medium.com/cve-2021-26833-cleartext-storage-in-a-file-or-on-disk-in-timelybills-1-7-0-5760dc461bd0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://beefaaubee.medium.com/cve-2021-26833-cleartext-storage-in-a-file-or-on-disk-in-timelybills-1-7-0-5760dc461bd0"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-459"}], "source": "[email protected]", "type": "Primary"}]}