Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2021-41861

CVE information

Published

10 months ago

Last Modified

10 months ago

CVSSv2.0 Severity

Low

CVSSv3.1 Severity

Low

Impact Analysis

Description

The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory..

CVSSv2.0 Score

Severity
Low
Base Score
2.1/10
Exploit Score
3.9/10
Access Vector
Local
Access Complexity
Low
Authentication Required
None
Impact Score
2.9/10
Confidentiality Impact
None
Availability Impact
None
Integrity Impact
Partial

CVSSv3.1 Score

Severity
Low
Base Score
3.3/10
Exploit Score
1.8/10
Access Vector
Local
Access Complexity
Low
Privileges Required
Low
Impact Score
1.4/10
Confidentiality Impact
None
Availability Impact
None
Integrity Impact
Low
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:telegram:telegram:*:*:*:*:*:android:*:*
  Yes
7.5.0 -