CVE Vulnerabilities

CVE-2020-12857

Incomplete Cleanup

Published: May 18, 2020 | Modified: Jul 21, 2021
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.

Weakness

The product does not properly “clean up” and remove temporary or supporting resources after they have been used.

Affected Software

Name Vendor Start Version End Version
Covidsafe Health * 1.0.17 (excluding)

Potential Mitigations

References