CVE-2017-8769 Information

Description

LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio Documents Images Video and Voice Notes) associated with a chat even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion or who expect encryption (consistent with the application’s use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not \consider these to be security issues\ because a user may legitimately want to preserve any file for use \in other apps like the Google Photos gallery\ regardless of whether its associated chat is deleted.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/100906 https://wwws.nightwatchcybersecurity.com/2017/05/17/advisory-whatsapp-for-android-privacy-issues-with-handling-of-media-files-cve-2017-8769/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

4.6