CVE-2018-3988

MEDIUM

Signal Messenger for Android 4.24.8 - Unauthorized Exposure of Sensitive Information via Photo Cache

Title source: llm
STIX 2.1

Description

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.

References (2)

Core 2
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106207
Exploit, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656

Scores

CVSS v3 4.7
EPSS 0.0051
EPSS Percentile 39.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
signal/private_messenger 4.24.8
Published Dec 10, 2018
Tracked Since Feb 18, 2026