CVE-2018-3988

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.
References
Link Resource
http://www.securityfocus.com/bid/106207 Broken Link Third Party Advisory VDB Entry
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656 Exploit Third Party Advisory
http://www.securityfocus.com/bid/106207 Broken Link Third Party Advisory VDB Entry
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:signal:private_messenger:4.24.8:*:*:*:*:android:*:*

History

21 Nov 2024, 04:06

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/106207 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/106207 - Broken Link, Third Party Advisory, VDB Entry
References () https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656 - Exploit, Third Party Advisory () https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656 - Exploit, Third Party Advisory

Information

Published : 2018-12-10 17:29

Updated : 2024-11-21 04:06


NVD link : CVE-2018-3988

Mitre link : CVE-2018-3988

CVE.ORG link : CVE-2018-3988


JSON object : View

Products Affected

signal

  • private_messenger
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor