CVE-2018-3986
Last modified
CVE-2018-3986 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request. There is a bug in this functionality that leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Telegram | Telegram | 4.9.0 |
References
- http://www.securityfocus.com/bid/106295Broken Link, Third Party Advisory, VDB Entry
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0654Exploit, Third Party Advisory
- http://www.securityfocus.com/bid/106295Broken Link, Third Party Advisory, VDB Entry
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0654Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-3986?
How severe is CVE-2018-3986?
How do I fix CVE-2018-3986?
Are you affected by CVE-2018-3986?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST