Vulnerability Details : CVE-2019-15514

The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.

Published 2019-08-23 13:15:12

Updated 2021-07-21 11:39:24

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2019-15514

Probability of exploitation activity in the next 30 days: 0.13%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 46 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-15514

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2019-15514

https://docs.google.com/document/d/e/2PACX-1vRx2wO2kj0axlQtv2CDSjPGlRKJOHtucvpOKGFKybh2eVVGZqvt_JJv-2Q11NHn5Y4um_F4-bgA6q5v/pub

A Telegram bug that disclose phone numbers of any users in public groups
Exploit;Third Party Advisory

Products affected by CVE-2019-15514

Telegram » Telegram » Version: 5.10.0 For Iphone Os
cpe:2.3:a:telegram:telegram:5.10.0:*:*:*:*:iphone_os:*:*
Matching versions
Telegram » Telegram » Version: 5.10.0 For Android
cpe:2.3:a:telegram:telegram:5.10.0:*:*:*:*:android:*:*
Matching versions