CVE-2018-3986

Published: Jan 3, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request. There is a bug in this functionality that leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.

Affected (1)

Products: Telegram: Telegram

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Telegram Telegram	Version 4.9.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/106295

Source: talos-cna@cisco.com

Broken LinkThird Party AdvisoryVDB Entry

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0654

Source: talos-cna@cisco.com

ExploitThird Party Advisory

http://www.securityfocus.com/bid/106295

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0654

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.