CVE-2018-17780

Published: Sep 29, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.

Affected (2)

Products: Telegram: Telegram Desktop, Telegram Messenger

2 products

Telegram Desktop

Telegram Messenger

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Telegram Telegram Desktop	Version 1.3.14
Telegram Telegram Messenger	Version 3.3.0.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/105521

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.securityfocus.com/bid/105521

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.