CVE-2020-1904

{"id": "CVE-2020-1904", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-10-06T18:15:16.203", "references": [{"url": "https://www.whatsapp.com/security/advisories/2020/", "tags": ["Vendor Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://www.whatsapp.com/security/advisories/2020/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-23"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages."}, {"lang": "es", "value": "Un problema de validaci\u00f3n de rutas en WhatsApp para iOS anterior a la v2.20.61 y en WhatsApp Business para iOS anterior a la v2.20.61 podr\u00eda haber permitido atravesar directorios sobrescribiendo archivos al enviar archivos docx, xlsx y pptx especialmente dise\u00f1ados como adjuntos a los mensajes"}], "lastModified": "2024-11-21T05:11:34.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "51FFA80F-58E2-4EBB-9815-6DFCFABE6F6A", "versionEndExcluding": "2.20.61"}, {"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "73A2E8EB-9428-48E6-AB28-3B3A3FD838EF", "versionEndExcluding": "2.20.61"}], "operator": "OR"}]}], "sourceIdentifier": "cve-assign@fb.com"}