← volver
CVE-2024-2045

Session 1.17.5 - LFR via chat attachment

CVSS 5.5 MEDIUMEPSS 0.3%CWE-22
Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Productos afectados
Session · Session

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://fluidattacks.com/advisories/newman/https://github.com/oxen-io/session-android/