CVE Vulnerability

CVE-2021-34422

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution.

6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://explore.zoom.us/en/trust/security/security-bulletin Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:keybase:keybase:*:*:*:*:*:windows:*:*
Information

Published : 2021-11-11 11:15

Updated : 2021-11-16 07:42

NVD link : CVE-2021-34422

Mitre link : CVE-2021-34422

Products Affected
No products.
CWE
CWE-22