Vulnerability CVE-2018-3988
Published: 2018-12-10

Description:
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
1.9/10
2.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Signal -> Messenger 

 References:
http://www.securityfocus.com/bid/106207
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656
Copyright 2024, cxsecurity.com

 

Back to Top