Vulnerabilities > CVE-2021-33838 - Information Exposure Through Discrepancy vulnerability in Luca-App Luca

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

luca-app

CWE-203

NVD

Published: 2021-06-04

Updated: 2023-08-08

Summary

Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because requests related to Check-In State occur shortly after requests for Phone Number Registration.

Vulnerable Configurations

Part	Description	Count
Application	Luca-App Luca APP Luca *	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://www.ccc.de/de/updates/2021/luca-app-ccc-fordert-bundesnotbremse
https://github.com/mame82/misc/blob/master/luca_traceIds.md
https://www.youtube.com/playlist?list=PLKuX6iczGb3kuDsm2RFgbmRkTugkR9-UE
https://luca-app.de/securityoverview/properties/objectives.html