CVE-2018-3988 LOW

CVE-2018-3988

Vendor N/A
Product Signal
Published December 10, 2018
Last update August 5, 2024

CVSS base score

3.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.

Key dates

02Disclosure timeline

December 10, 2018 CVE published
August 5, 2024 Record updated