CVE-2024-2045 Information
Mar 01, 2024
cve
Description
Session version 1.17.5 allows obtaining internal application files and public
files from the user’s device without the user’s consent. This is possible
because the application is vulnerable to Local File Read via chat attachments.
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Reference
https://fluidattacks.com/advisories/newman/ https://github.com/oxen-io/session-android/
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
4.4
Share on: