Description
The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://explore.zoom.us/en/trust/security/security-bulletin
Scores
CVSS v3
3.7
EPSS
0.0069
EPSS Percentile
47.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-459
Status
published
Products (1)
keybase/keybase
5.8.0 (2 CPE variants)
Published
Nov 11, 2021
Tracked Since
Feb 18, 2026