How severe is CVE-2024-21668?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2024-21668?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2024-21668

MEDIUM Year: 2024

CVSS v3 Score

4.9

Medium

Weakness Type

CWE-532

View all →

Vulnerability Description

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS devices. By logging the encryption secret to the system logs, attackers can trivially recover the secret by enabling ADB and undermining an app's thread model. This issue has been patched in version 2.11.0.

CVE-2017-16946

MEDIUM

CVSS:4.9(Medium)

The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.

CWE-5322017

CVE-2019-0380

MEDIUM

CVSS:4.9(Medium)

Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Dis...

CWE-5322019

CVE-2019-19150

MEDIUM

CVSS:4.9(Medium)

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached t...

CWE-5322019

CVE-2019-1961

MEDIUM

CVSS:4.9(Medium)

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected dev...

CWE-5322019

CVE-2020-7021

MEDIUM

CVSS:4.9(Medium)

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive...

CWE-5322020

CVE-2021-22219

MEDIUM

CVSS:4.9(Medium)

All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtai...

CWE-5322021

CVE-2024-21668

Vulnerability Description

Related Vulnerabilities

CVE-2017-16946

CVE-2019-0380

CVE-2019-19150

CVE-2019-1961

CVE-2020-7021

CVE-2021-22219