Vulnerabilities > Health > Covidsafe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-09 | CVE-2020-14292 | Unspecified vulnerability in Health Covidsafe In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone. low complexity health | 5.7 |
| 2020-05-18 | CVE-2020-12860 | Improper Privilege Management vulnerability in Health Covidsafe 1.0.11/1.0.16/1.0.17 COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. | 5.3 |
| 2020-05-18 | CVE-2020-12859 | Cleartext Storage of Sensitive Information vulnerability in Health Covidsafe 1.0.11/1.0.16/1.0.17 Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. | 5.3 |
| 2020-05-14 | CVE-2020-12717 | The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. | 6.5 |