CVE-2017-8769

CVSS V2 Low 2.1 CVSS V3 Medium 4.6
Description
** DISPUTED ** Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a user may legitimately want to preserve any file for use "in other apps like the Google Photos gallery" regardless of whether its associated chat is deleted.
Overview
  • CVE ID
  • CVE-2017-8769
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2017-05-18T06:29:00
  • Last Modified Date
  • 2019-10-04T17:56:45
Weakness Enumerations
CWE URL
CWE-311 http://cwe.mitre.org/data/definitions/311.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:* 1 OR 2.16.323
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:P/I:N/A:N
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 2.1
  • Severity
  • LOW
  • Exploitability Score
  • 3.9
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Attack Vector
  • PHYSICAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • NONE
  • Base Score
  • 4.6
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 0.9
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
https://wwws.nightwatchcybersecurity.com/2017/05/17/advisory-whatsapp-for-android-privacy-issues-with-handling-of-media-files-cve-2017-8769/ Exploit Mitigation Third Party Advisory
http://www.securityfocus.com/bid/100906 Third Party Advisory VDB Entry
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2017-8769
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8769
History
Created Old Value New Value Data Type Notes
2022-05-10 17:15:58 Added to TrackCVE
2022-12-02 17:01:08 2017-05-18T06:29Z 2017-05-18T06:29:00 CVE Published Date updated
2022-12-02 17:01:08 2019-10-04T17:56:45 CVE Modified Date updated
2022-12-02 17:01:08 Analyzed Vulnerability Status updated