CVE-2018-3988
MEDIUMSignal Messenger for Android 4.24.8 - Unauthorized Exposure of Sensitive Information via Photo Cache
Title source: llmDescription
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.
References (2)
Core 2
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106207
Exploit, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656
Scores
CVSS v3
4.7
EPSS
0.0051
EPSS Percentile
39.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
signal/private_messenger
4.24.8
Published
Dec 10, 2018
Tracked Since
Feb 18, 2026