CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-26833

Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.1%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

https://beefaaubee.medium.com/cve-2021-26833-cleartext-storage-in-a-file-or-on-disk-in-timelybills-1-7-0-5760dc461bd0
https://beefaaubee.medium.com/cve-2021-26833-cleartext-storage-in-a-file-or-on-disk-in-timelybills-1-7-0-5760dc461bd0

Products affected by CVE-2021-26833

Timelybills » Timelybills » Version: N/A

cpe:2.3:a:timelybills:timelybills:-
Timelybills » Timelybills » Version: 1.21.115

cpe:2.3:a:timelybills:timelybills:1.21.115
Timelybills » Timelybills » Version: 1.7.0

cpe:2.3:a:timelybills:timelybills:1.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-26833

Products

Pricing

Contact Us