← back
CVE-2021-33839

CVE-2021-33839

EPSS 2.8%
Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/mame82/misc/blob/master/luca_traceIds.mdhttps://luca-app.de/securityoverview/properties/objectives.htmlhttps://twitter.com/patrick_hennig/status/1387738281757061125https://youtu.be/jWyDfEB0m08