CVE-2018-3986
CVSS V2 Low 2.1
CVSS V3 Medium 5.5
Description
An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request. There is a bug in this functionality that leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.
Overview
- CVE ID
- CVE-2018-3986
- Assigner
- talos-cna@cisco.com
- Vulnerability Status
- Analyzed
- Published Version
- 2019-01-03T22:29:00
- Last Modified Date
- 2023-02-04T01:21:30
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:telegram:telegram:4.9.0:*:*:*:*:android:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- Access Vector
- LOCAL
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 2.1
- Severity
- LOW
- Exploitability Score
- 3.9
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.0
- Vector String
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- LOCAL
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- NONE
- Base Score
- 5.5
- Base Severity
- MEDIUM
- Exploitability Score
- 1.8
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0654 | Third Party Advisory |
| http://www.securityfocus.com/bid/106295 | Third Party Advisory VDB Entry |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2018-3986 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3986 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-04-20 17:01:21 | Added to TrackCVE | |||
| 2022-12-03 16:00:35 | 2019-01-03T22:29Z | 2019-01-03T22:29:00 | CVE Published Date | updated |
| 2022-12-03 16:00:35 | 2022-04-19T18:15:36 | CVE Modified Date | updated | |
| 2022-12-03 16:00:35 | Undergoing Analysis | Vulnerability Status | updated | |
| 2023-02-04 03:08:54 | 2023-02-04T01:21:30 | CVE Modified Date | updated | |
| 2023-02-04 03:08:54 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |