CVE-2021-34421

LOW

Keybase Client <5.8.0 - Info Disclosure

Title source: llm

Description

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device.

References (1)

[Third Party Advisory] https://explore.zoom.us/en/trust/security/security-bulletin

Scores

CVSS v3 3.7

EPSS 0.0036

EPSS Percentile 57.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-459

Status published

Products (1)

keybase/keybase 5.8.0 (2 CPE variants)

Published Nov 11, 2021

Tracked Since Feb 18, 2026