CVE-2021-26833

CVSS v3 Score: 5.9 (Medium)
CVSS v2 Score: 4.3 (Medium)

Vulnerability Description

Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows an attacker who can locally read the user's files to obtain JWT tokens for the user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens, because a JWT is signed and encoded, not encrypted.

CVSS:5.9(Medium)

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progre...

CVSS:5.9(Medium)

Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circums...

CVSS:6.3(Medium)

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized...

CVSS:6.3(Medium)

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue a...

CVSS:5.5(Medium)

ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.

CVSS:5.5(Medium)

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates cleartext temporary files that cannot be wiped or deleted due to stro...