github - ghsa-9vw8-5c3c-w435

ghsa-9vw8-5c3c-w435

Vulnerability from github

Published

2022-05-24 16:45

Modified

2022-05-24 16:45

Details

A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-3566"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-10T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A bug in WhatsApp for Android\u0027s messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user\u0027s account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103.",
  "id": "GHSA-9vw8-5c3c-w435",
  "modified": "2022-05-24T16:45:28Z",
  "published": "2022-05-24T16:45:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3566"
    },
    {
      "type": "WEB",
      "url": "https://www.facebook.com/security/advisories/cve-2019-3566"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2019-3566

Vulnerability from cvelistv5

Published

2019-05-10 20:58

Modified

2024-08-04 19:12

Severity ?

Summary

References

▼	URL	Tags
	https://www.facebook.com/security/advisories/cve-2019-3566	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Facebook	WhatsApp for Android
	Facebook	WhatsApp Business for Android

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:12:09.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.facebook.com/security/advisories/cve-2019-3566"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WhatsApp for Android",
          "vendor": "Facebook",
          "versions": [
            {
              "status": "affected",
              "version": "2.19.104"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "2.19.54",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2.19.52"
            }
          ]
        },
        {
          "product": "WhatsApp Business for Android",
          "vendor": "Facebook",
          "versions": [
            {
              "status": "affected",
              "version": "2.19.38"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "2.19.22",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A bug in WhatsApp for Android\u0027s messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user\u0027s account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-15T15:48:59",
        "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "shortName": "facebook"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.facebook.com/security/advisories/cve-2019-3566"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assign@fb.com",
          "DATE_ASSIGNED": "2019-05-09",
          "ID": "CVE-2019-3566",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WhatsApp for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "2.19.104"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "2.19.54"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2.19.52"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "WhatsApp Business for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "2.19.38"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "2.19.22"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Facebook"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A bug in WhatsApp for Android\u0027s messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user\u0027s account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control (CWE-284)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.facebook.com/security/advisories/cve-2019-3566",
              "refsource": "MISC",
              "url": "https://www.facebook.com/security/advisories/cve-2019-3566"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
    "assignerShortName": "facebook",
    "cveId": "CVE-2019-3566",
    "datePublished": "2019-05-10T20:58:02",
    "dateReserved": "2019-01-02T00:00:00",
    "dateUpdated": "2024-08-04T19:12:09.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted