exploitDog

CVE-2024-2045

Опубликовано: 01 мар. 2024

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

Session version 1.17.5 allows obtaining internal application files and public

files from the user's device without the user's consent. This is possible

because the application is vulnerable to Local File Read via chat attachments.

Ссылки

https://fluidattacks.com/advisories/newman/
Exploit
Third Party Advisory
https://github.com/oxen-io/session-android/
Product
https://fluidattacks.com/advisories/newman/
Exploit
Third Party Advisory
https://github.com/oxen-io/session-android/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opft:session:1.17.5:*:*:*:*:android:*:*

EPSS

Процентиль: 30%

0.00109

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-rr36-3hq5-mqj8

CVSS3: 4.4

github

почти 2 года назад

Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments.

EPSS

Процентиль: 30%

0.00109

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-22