First published: Fri Apr 02 2021(Updated: )
wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programatically in version 2021-03-15-production.0.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wire | <=2019-07-11-13-18 | |
Wire | =2019-02-11-staging0 | |
Wire | =2019-02-11-staging1 | |
Wire | =2019-02-11-staging2 | |
Wire | =2019-02-13-staging0 | |
Wire | =2019-02-18-staging0 | |
Wire | =2019-02-27-staging0 | |
Wire | =2019-02-28-staging0 | |
Wire | =2019-02-28-staging1 | |
Wire | =2019-03-05-staging0 | |
Wire | =2019-03-07-staging0 | |
Wire | =2019-03-11-staging0 | |
Wire | =2019-03-13-staging0 | |
Wire | =2019-03-13-staging1 | |
Wire | =2019-03-20-staging0 | |
Wire | =2019-03-25-staging0 | |
Wire | =2019-03-25-staging1 | |
Wire | =2019-03-28-staging0 | |
Wire | =2019-03-28-staging1 | |
Wire | =2019-04-08-staging0 | |
Wire | =2019-04-11-staging0 | |
Wire | =2019-04-18-staging0 | |
Wire | =2019-04-23-staging1 | |
Wire | =2019-04-25-staging0 | |
Wire | =2019-04-29-staging0 | |
Wire | =2019-05-14-staging0 | |
Wire | =2019-05-15-staging0 | |
Wire | =2019-05-31-staging0 | |
Wire | =2019-06-04-staging0 | |
Wire | =2019-06-20-staging0 | |
Wire | =2019-06-24-staging0 | |
Wire | =2019-06-25-staging0 | |
Wire | =2019-06-26-staging0 | |
Wire | =2019-07-01-staging0 | |
Wire | =2019-07-30-staging0 | |
Wire | =2019-08-01-staging0 | |
Wire | =2019-08-14-staging0 | |
Wire | =2019-08-19-staging0 | |
Wire | =2019-08-21-production0 | |
Wire | =2019-08-22-production0 | |
Wire | =2019-08-22-staging0 | |
Wire | =2019-08-27-staging0 | |
Wire | =2019-09-02-production0 | |
Wire | =2019-09-05-staging0 | |
Wire | =2019-09-09-staging0 | |
Wire | =2019-09-12-staging0 | |
Wire | =2019-09-13-staging0 | |
Wire | =2019-09-17-production0 | |
Wire | =2019-09-18-staging0 | |
Wire | =2019-09-23-staging0 | |
Wire | =2019-09-24-production0 | |
Wire | =2019-10-07-staging0 | |
Wire | =2019-10-07-staging1 | |
Wire | =2019-10-08-staging0 | |
Wire | =2019-10-10-staging0 | |
Wire | =2019-10-10-staging1 | |
Wire | =2019-10-14-staging0 | |
Wire | =2019-10-16-production0 | |
Wire | =2019-10-16-production1 | |
Wire | =2019-10-16-staging0 | |
Wire | =2019-10-16-staging1 | |
Wire | =2019-10-21-staging0 | |
Wire | =2019-10-25-staging0 | |
Wire | =2019-10-29-staging0 | |
Wire | =2019-10-31-staging0 | |
Wire | =2019-11-01-production0 | |
Wire | =2019-11-08-staging0 | |
Wire | =2019-11-12-staging0 | |
Wire | =2019-11-19-staging0 | |
Wire | =2019-11-21-production0 | |
Wire | =2019-11-21-staging0 | |
Wire | =2019-11-25-staging0 | |
Wire | =2019-11-26-production0 | |
Wire | =2019-12-12-staging0 | |
Wire | =2019-12-20-staging0 | |
Wire | =2020-01-06-production0 | |
Wire | =2020-01-09-staging0 | |
Wire | =2020-01-13-production0 | |
Wire | =2020-01-15-staging0 | |
Wire | =2020-01-16-staging0 | |
Wire | =2020-01-17-staging0 | |
Wire | =2020-01-21-staging0 | |
Wire | =2020-01-22-production0 | |
Wire | =2020-02-06-staging0 | |
Wire | =2020-02-11-staging0 | |
Wire | =2020-02-11-staging1 | |
Wire | =2020-02-14-production0 | |
Wire | =2020-02-18-staging0 | |
Wire | =2020-02-20-staging0 | |
Wire | =2020-02-24-staging0 | |
Wire | =2020-02-26-staging0 | |
Wire | =2020-02-28-staging0 | |
Wire | =2020-03-03-production0 | |
Wire | =2020-03-03-staging0 | |
Wire | =2020-03-06-staging0 | |
Wire | =2020-03-12-staging0 | |
Wire | =2020-03-18-staging0 | |
Wire | =2020-03-20-staging0 | |
Wire | =2020-03-23-production0 | |
Wire | =2020-03-30-staging0 | |
Wire | =2020-04-01-staging0 | |
Wire | =2020-04-07-production0 | |
Wire | =2020-04-09-staging0 | |
Wire | =2020-04-16-staging0 | |
Wire | =2020-04-21-production0 | |
Wire | =2020-04-22-staging0 | |
Wire | =2020-04-23-staging0 | |
Wire | =2020-04-28-staging0 | |
Wire | =2020-04-29-production0 | |
Wire | =2020-05-04-staging0 | |
Wire | =2020-05-06-staging0 | |
Wire | =2020-05-07-production0 | |
Wire | =2020-05-07-staging0 | |
Wire | =2020-05-13-staging0 | |
Wire | =2020-05-14-staging0 | |
Wire | =2020-05-15-staging0 | |
Wire | =2020-05-18-staging0 | |
Wire | =2020-05-19-staging0 | |
Wire | =2020-05-20-production0 | |
Wire | =2020-05-22-staging0 | |
Wire | =2020-05-26-staging0 | |
Wire | =2020-05-27-staging0 | |
Wire | =2020-05-28-staging0 | |
Wire | =2020-05-29-staging0 | |
Wire | =2020-06-02-production0 | |
Wire | =2020-06-05-staging0 | |
Wire | =2020-06-08-staging0 | |
Wire | =2020-06-10-staging0 | |
Wire | =2020-06-12-staging0 | |
Wire | =2020-06-15-production0 | |
Wire | =2020-06-15-staging0 | |
Wire | =2020-06-19-staging0 | |
Wire | =2020-06-24-production0 | |
Wire | =2020-06-29-staging0 | |
Wire | =2020-07-07-staging0 | |
Wire | =2020-07-07-staging1 | |
Wire | =2020-07-13-staging0 | |
Wire | =2020-07-16-staging0 | |
Wire | =2020-07-24-production0 | |
Wire | =2020-07-24-staging0 | |
Wire | =2020-07-24-staging1 | |
Wire | =2020-08-06-staging0 | |
Wire | =2020-08-12-staging0 | |
Wire | =2020-08-12-staging1 | |
Wire | =2020-08-14-staging0 | |
Wire | =2020-08-18-staging0 | |
Wire | =2020-08-19-staging0 | |
Wire | =2020-08-21-staging0 | |
Wire | =2020-08-25-staging0 | |
Wire | =2020-08-26-production0 | |
Wire | =2020-09-02-staging0 | |
Wire | =2020-09-03-staging0 | |
Wire | =2020-09-04-staging0 | |
Wire | =2020-09-08-staging0 | |
Wire | =2020-09-11-production0 | |
Wire | =2020-09-17-staging0 | |
Wire | =2020-09-18-staging0 | |
Wire | =2020-09-21-production0 | |
Wire | =2020-09-28-staging0 | |
Wire | =2020-09-29-production0 | |
Wire | =2020-10-01-staging0 | |
Wire | =2020-10-06-staging0 | |
Wire | =2020-10-07-production0 | |
Wire | =2020-10-07-staging0 | |
Wire | =2020-10-08-production0 | |
Wire | =2020-10-14-staging0 | |
Wire | =2020-10-15-staging0 | |
Wire | =2020-10-21-staging0 | |
Wire | =2020-10-21-staging1 | |
Wire | =2020-10-26-staging0 | |
Wire | =2020-10-27-staging0 | |
Wire | =2020-10-28-production0 | |
Wire | =2020-11-09-production0 | |
Wire | =2020-11-30-production0 | |
Wire | =2020-11-30-staging0 | |
Wire | =2020-12-10-staging0 | |
Wire | =2020-12-14-production0 | |
Wire | =2021-01-18-production0 | |
Wire | =2021-01-18-staging1 | |
Wire | =2021-01-27-staging0 | |
Wire | =2021-02-02-production0 | |
Wire | =2021-02-03-staging0 | |
Wire | =2021-02-04-staging0 | |
Wire | =2021-02-15-staging0 | |
Wire | =2021-02-17-production0 | |
Wire | =2021-02-18-staging0 | |
Wire | =2021-02-22-staging1 | |
Wire | =2021-02-26-staging0 | |
Wire | =2021-03-04-production0 | |
Wire | =2021-03-05-staging0 | |
Wire | =2021-03-10-staging0 | |
Wire | =2021-03-15-production0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-21400 is classified as a high severity vulnerability.
To fix CVE-2021-21400, upgrade wire-webapp to version 2021-03-15-production.0 or later.
CVE-2021-21400 can lead to unintended disclosure of the app-lock passphrase to the most recently used chat.
Versions of wire-webapp prior to 2021-03-15-production.0 are affected by CVE-2021-21400.
Yes, CVE-2021-21400 is a client-side vulnerability affecting the user's device.