CVE-2020-25824

Опубликовано: 14 окт. 2020

Источник: nvd

CVSS3: 2.4

CVSS2: 2.1

EPSS Низкий

Описание

Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversation and media files.

Ссылки

https://github.com/soheilsamanabadi/vulnerability/blob/main/Telegram-Desktop-CVE-2020-25824
Third Party Advisory
https://github.com/telegramdesktop/tdesktop/releases/tag/v2.4.3
Release Notes
Third Party Advisory
https://security.gentoo.org/glsa/202101-34
Third Party Advisory
https://www.Telegram.org
Product
https://github.com/soheilsamanabadi/vulnerability/blob/main/Telegram-Desktop-CVE-2020-25824
Third Party Advisory
https://github.com/telegramdesktop/tdesktop/releases/tag/v2.4.3
Release Notes
Third Party Advisory
https://security.gentoo.org/glsa/202101-34
Third Party Advisory
https://www.Telegram.org
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:telegram:telegram_desktop:*:*:*:*:*:*:*:*

Версия до 2.4.3 (включая)

EPSS

Процентиль: 24%

0.00083

Низкий

2.4 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-306

Связанные уязвимости

CVE-2020-25824

CVSS3: 2.4

debian

больше 5 лет назад

Telegram Desktop through 2.4.3 does not require passcode entry upon pu ...

GHSA-hq26-6p72-9jg4

github

больше 3 лет назад