CVE-2019-3566 Information

Description

A bug in WhatsApp for Android’s messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user’s account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103 as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://www.facebook.com/security/advisories/cve-2019-3566

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.9