Vulnerabilities > Health > Covidsafe > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-05-18 | CVE-2020-12860 | Information Exposure vulnerability in Health Covidsafe 1.0.11/1.0.16 | COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. | network; low complexity; health CWE-200; 5.0 |
| 2020-05-18 | CVE-2020-12859 | Cleartext Storage of Sensitive Information vulnerability in Health Covidsafe 1.0.11/1.0.16 | Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. | network; low complexity; health CWE-312; 5.0 |
| 2020-05-18 | CVE-2020-12858 | Improper Initialization vulnerability in Health Covidsafe 1.0.11/1.0.16 | Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons. | network; low complexity; health CWE-665; 5.0 |
| 2020-05-18 | CVE-2020-12857 | Information Exposure vulnerability in Health Covidsafe 1.0.11/1.0.16 | Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe. | network; low complexity; health CWE-200; 5.0 |
| 2020-05-14 | CVE-2020-12717 | | The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. | low complexity; alberta tracetogether health gov; 6.5 |