CVE-2020-17448

{"id": "CVE-2020-17448", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-08-11T17:15:12.017", "references": [{"url": "https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram-CVE-2020-17448", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/telegramdesktop/tdesktop/releases/tag/v2.2.0", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202101-34", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://telegram.org", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram-CVE-2020-17448", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/telegramdesktop/tdesktop/releases/tag/v2.2.0", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202101-34", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://telegram.org", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension."}, {"lang": "es", "value": "Telegram Desktop versiones hasta 2.1.13, permite a un tipo de archivo falsificado omitir el mecanismo de protecci\u00f3n Dangerous File Type Execution, como es demostrado al usar la ventana de chat con un nombre de archivo que carece de una extensi\u00f3n"}], "lastModified": "2024-11-21T05:08:08.143", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:telegram:telegram_desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE57DAC3-AEA3-4915-A5D6-72FB9B84F7C2", "versionEndIncluding": "2.1.13"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}