Description
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private chat messages and media files via logcat because of excessive logging.
References (2)
Core 2
Core References
Product, Third Party Advisory x_refsource_misc
https://play.google.com/store/apps/details?id=com.taidii.diibear&hl=en_US&gl=US
Third Party Advisory x_refsource_misc
https://github.com/galapogos/Taidii-Diibear-Vulnerabilities/
Scores
CVSS v3
5.5
EPSS
0.0010
EPSS Percentile
27.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (1)
taidii/diibear
2.4.0
Published
Mar 17, 2021
Tracked Since
Feb 18, 2026