How severe is CVE-2021-31815?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2021-31815?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2021-31815 - LOW Severity | CVSS 3.3

Vulnerability Description

GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. NOTE: a news outlet (The Markup) states that they received a vendor response indicating that fix deployment "began several weeks ago and will be complete in the coming days."

Related Vulnerabilities

CVE-2024-8013

LOW

CVSS:3.3(Low)

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphe...

CWE-3192024

CVE-2019-10397

LOW

CVSS:3.1(Low)

Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.

CWE-3192019

CVE-2020-13528

LOW

CVSS:3.1(Low)

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request...

CWE-3192020

CVE-2021-29769

LOW

CVSS:3.1(Low)

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values ...

CWE-3192021

CVE-2024-11946

LOW

CVSS:3.1(Low)

iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update ...

CWE-3192024

CVE-2023-30565

LOW

CVSS:3.5(Low)

An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.

CWE-3192023