CVE-2018-3988 Information

Description

Signal Messenger for Android 4.24.8 may expose private information when using \disappearing messages.\ If a user uses the photo feature available in the \attach file\ menu then Signal will leave the picture in its own cache directory which is available to any application on the system.

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/106207 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

4.7