Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106207 | Broken Link Third Party Advisory VDB Entry |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656 | Exploit Third Party Advisory |
http://www.securityfocus.com/bid/106207 | Broken Link Third Party Advisory VDB Entry |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:06
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/106207 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656 - Exploit, Third Party Advisory |
Information
Published : 2018-12-10 17:29
Updated : 2024-11-21 04:06
NVD link : CVE-2018-3988
Mitre link : CVE-2018-3988
CVE.ORG link : CVE-2018-3988
JSON object : View
Products Affected
signal
- private_messenger
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor