Vulnerabilities (CVE)

Filtered by vendor Health Subscribe
Filtered by product Covidsafe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-14292 1 Health 1 Covidsafe 2024-11-21 2.9 LOW 5.7 MEDIUM
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone.
CVE-2020-12860 1 Health 1 Covidsafe 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name.
CVE-2020-12859 1 Health 1 Covidsafe 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations.
CVE-2020-12858 1 Health 1 Covidsafe 2024-11-21 5.0 MEDIUM 7.5 HIGH
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons.
CVE-2020-12857 1 Health 1 Covidsafe 2024-11-21 5.0 MEDIUM 7.5 HIGH
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.
CVE-2020-12856 3 Alberta, Health, Tracetogether 3 Abtracetogether, Covidsafe, Tracetogether 2024-11-21 7.5 HIGH 9.8 CRITICAL
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.
CVE-2020-12717 4 Alberta, Gov, Health and 1 more 4 Abtracetogether, Protego Safe, Covidsafe and 1 more 2024-11-21 3.3 LOW 6.5 MEDIUM
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.