How severe is CVE-2021-38505?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-38505?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2021-38505 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Related Vulnerabilities

CVE-2012-5639

MEDIUM

CVSS:6.5(Medium)

LibreOffice and OpenOffice automatically open embedded content

CWE-6682012

CVE-2018-20237

MEDIUM

CVSS:6.5(Medium)

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

CWE-6682018

CVE-2019-12875

MEDIUM

CVSS:6.5(Medium)

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.

CWE-6682019

CVE-2019-4306

MEDIUM

CVSS:6.5(Medium)

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that re...

CWE-6682019

CVE-2020-12687

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve a...

CWE-6682020

CVE-2020-14064

MEDIUM

CVSS:6.5(Medium)

IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.

CWE-6682020