fkie_cve-2019-16248
Vulnerability from fkie_nvd
Published
2019-09-11 23:15
Modified
2024-11-21 04:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient's copy of a previously sent message).
References
cve@mitre.orghttps://github.com/RootUp/PersonalStuff/blob/master/Telegram_Privacy.pdfThird Party Advisory
cve@mitre.orghttps://www.inputzero.io/2019/09/telegram-privacy-fails-again.htmlExploit, Third Party Advisory
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2019/09/09/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/RootUp/PersonalStuff/blob/master/Telegram_Privacy.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.inputzero.io/2019/09/telegram-privacy-fails-again.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2019/09/09/2Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
telegram telegram *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:telegram:telegram:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "FDF1836C-1773-4563-831F-260EDF6BF2AF",
              "versionEndExcluding": "5.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The \"delete for\" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient\u0027s copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient\u0027s copy of a previously sent message)."
    },
    {
      "lang": "es",
      "value": "La funcionalidad \"delete for\" en Telegram versiones anteriores a 5.11 en Android no elimina los archivos multimedia compartidos desde el directorio de Im\u00e1genes de Telegram. En otras palabras, existe una indicaci\u00f3n de la IU potencialmente enga\u00f1osa de que un remitente puede eliminar la copia de un destinatario de una imagen enviada previamente (an\u00e1loga a la funcionalidad compatible en la que un remitente puede suprimir la copia de un destinatario de un mensaje enviado previamente)."
    }
  ],
  "id": "CVE-2019-16248",
  "lastModified": "2024-11-21T04:30:22.957",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-11T23:15:14.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/RootUp/PersonalStuff/blob/master/Telegram_Privacy.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2019/09/09/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/RootUp/PersonalStuff/blob/master/Telegram_Privacy.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2019/09/09/2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.