CVE-2021-26833

Name of the Vulnerable Software and Affected Versions: TimelyBills versions 1.7.0 and earlier for iOS TimelyBills versions 1.21.115 and earlier for Android

Description: The issue allows an attacker with local file access to obtain JWT tokens for a user's account due to insufficient cache clearing mechanisms. This can lead to the exposure of sensitive user data, as the JWT tokens are signed and encoded but not encrypted, allowing a threat actor to decode them and access the information.

Recommendations: For TimelyBills versions 1.7.0 and earlier for iOS, update to a version later than 1.7.0 to resolve the issue. For TimelyBills versions 1.21.115 and earlier for Android, update to a version later than 1.21.115 to resolve the issue. As a temporary workaround, consider restricting access to the local file system to minimize the risk of exploitation.