CVE-2020-10570

{"id": "CVE-2020-10570", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.9}]}, "published": "2020-03-24T14:15:12.217", "references": [{"url": "https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-10570", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-10570", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature."}, {"lang": "es", "value": "La aplicaci\u00f3n Telegram versiones hasta 5.12 para Android, cuando Show Popup est\u00e1 habilitado, podr\u00eda permitir a atacantes f\u00edsicamente pr\u00f3ximos omitir restricciones previstas en la lectura y respuesta de mensajes. Esto podr\u00eda interpretarse como una omisi\u00f3n de la funcionalidad de c\u00f3digo de acceso."}], "lastModified": "2024-11-21T04:55:36.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:telegram:telegram:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "6F2A5F7E-389F-43B6-A687-83E1CC47E369", "versionEndIncluding": "5.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}