Clipboard Data Leak in Genymotion Desktop Affecting User Privacy
CVE-2021-27549

5.3MEDIUM

Key Information:

Vendor

Genymobile

Status
Genymotion Desktop
Vendor
CVE Published:
22 February 2021

What is CVE-2021-27549?

Genymotion Desktop versions up to 3.2.0 are designed to share clipboard data from the host machine to Android applications by default. This behavior raises significant privacy concerns, as it can inadvertently expose sensitive information from the host's clipboard. Users can modify this setting through the application’s Device settings, but the default configuration may lead to unintentional data sharing, highlighting the importance of being aware of privacy settings in software applications.

References

https://github.com/eybisi/misc/tree/main/clipwatch
x_refsource_MISC
https://www.genymotion.com/download/
x_refsource_MISC
https://twitter.com/0xabc0/status/1363856804602671104
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.