{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"RNP","repo":"https://github.com/rnpgp/rnp","vendor":"Ribose","versions":[{"lessThan":"0.15.1","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Kai Engert (Mozilla)"},{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Mozilla Thunderbird users"}],"datePublic":"2021-05-29T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><div>A key decrypted through `rnp_key_unprotect` will remain unprotected&nbsp;after after a subsequent call of `rnp_key_protect`.&nbsp;<br><span style=\"background-color: var(--wht);\"><br>This issue affects RNP: before 0.15.1.</span></div></div>"}],"value":"A key decrypted through `rnp_key_unprotect` will remain unprotected after after a subsequent call of `rnp_key_protect`. \n\nThis issue affects RNP: before 0.15.1.\n\n\n\n"}],"impacts":[{"capecId":"CAPEC-37","descriptions":[{"lang":"en","value":"CAPEC-37 Retrieve Embedded Sensitive Data"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-522","description":"CWE-522 Insufficiently Protected Credentials","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-922","description":"CWE-922 Insecure Storage of Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"00000000-0000-4000-9000-000000000000"},"references":[{"tags":["issue-tracking"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1710290#c0"},{"tags":["vendor-advisory"],"url":"https://www.ribose.com/advisories/ra-2021-05-30/#CVE-2021-33589"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><div>From RNP 0.15.1 and onwards `rnp_key_protect` implements re-protection&nbsp;for keys that have been \"`unprotected`\" by `rnp_key_unprotect`.</div><div><div><br>Upgrading to RNP 0.15.1 fixes this issue. If unprotected keys have&nbsp;been saved outside of RNP, a re-protection step needs to apply.</div></div></div>"}],"value":"From RNP 0.15.1 and onwards `rnp_key_protect` implements re-protection for keys that have been \"`unprotected`\" by `rnp_key_unprotect`.\n\n\nUpgrading to RNP 0.15.1 fixes this issue. If unprotected keys have been saved outside of RNP, a re-protection step needs to apply.\n\n\n\n\n\n"},{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><div>For Thunderbird users, auto-re-protection has been implemented in the&nbsp;latest release. Please refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://bugzilla.mozilla.org/show_bug.cgi?id=1710290#c0[Bugzilla\">Bugzilla</a> Bug 1710290&nbsp;for more details.</div></div>"}],"value":"For Thunderbird users, auto-re-protection has been implemented in the latest release. Please refer to  Bugzilla https://bugzilla.mozilla.org/show_bug.cgi  Bug 1710290 for more details.\n\n\n\n"}],"source":{"advisory":"RA-2021-05-30","discovery":"UPSTREAM"},"title":"Key protection settings not copied after unprotect action","x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"00000000-0000-4000-9000-000000000000","cveId":"CVE-2021-33589","requesterUserId":"00000000-0000-4000-9000-000000000000","serial":1,"state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.0"}