Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a user may legitimately want to preserve any file for use "in other apps like the Google Photos gallery" regardless of whether its associated chat is deleted
Published 2017-05-18 06:29:00
Updated 2024-05-17 01:20:26
Source MITRE
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-8769

0.07%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-8769

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
2.1
LOW AV:L/AC:L/Au:N/C:P/I:N/A:N
3.9
2.9
NIST
4.6
MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.9
3.6
NIST

CWE ids for CVE-2017-8769

References for CVE-2017-8769

Products affected by CVE-2017-8769

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!