CVE-2019-16248

{"id": "CVE-2019-16248", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-09-11T23:15:14.313", "references": [{"url": "https://github.com/RootUp/PersonalStuff/blob/master/Telegram_Privacy.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.openwall.com/lists/oss-security/2019/09/09/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The \"delete for\" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient's copy of a previously sent message)."}, {"lang": "es", "value": "La funcionalidad \"delete for\" en Telegram versiones anteriores a 5.11 en Android no elimina los archivos multimedia compartidos desde el directorio de Im\u00e1genes de Telegram. En otras palabras, existe una indicaci\u00f3n de la IU potencialmente enga\u00f1osa de que un remitente puede eliminar la copia de un destinatario de una imagen enviada previamente (an\u00e1loga a la funcionalidad compatible en la que un remitente puede suprimir la copia de un destinatario de un mensaje enviado previamente)."}], "lastModified": "2021-10-18T12:05:26.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:telegram:telegram:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "FDF1836C-1773-4563-831F-260EDF6BF2AF", "versionEndExcluding": "5.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}