Skip to main content

Keybase

7 CVEs product

Monthly

CVE-2021-34426 HIGH This Week

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Keybase
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34422 CRITICAL Act Now

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal RCE Keybase
NVD
CVSS 3.1
9.0
EPSS
1.3%
CVE-2021-34421 MEDIUM This Month

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Keybase
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-23827 MEDIUM POC This Month

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Microsoft Information Disclosure Keybase
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-16992 HIGH This Week

The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Apple Information Disclosure Keybase
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-7249 CRITICAL POC Act Now

In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Keybase
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-18629 HIGH POC This Week

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keybase
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.5%
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Keybase
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal RCE +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Microsoft Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Apple Information Disclosure +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Keybase
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keybase
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy