CVE-2019-15514

MEDIUM

Telegram app <5.10 - Info Disclosure

Title source: llm

Description

The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.

Exploits (2)

nomisec WORKING POC 22 stars

by bibi1959 · poc

https://github.com/bibi1959/CVE-2019-15514

View Code ZIP pw:eip

inthewild

poc

https://github.com/graysuit/cve-2019-15514

View on inthewild

References (1)

[Exploit, Third Party Advisory] https://docs.google.com/document/d/e/2PACX-1vRx2wO2kj0axlQtv2CDSjPGlRKJOHtucvpOKGFKybh2eVVGZqvt_JJv-2Q11NHn5Y4um_F4-bgA6q5v/pub

Scores

CVSS v3 5.3

EPSS 0.0333

EPSS Percentile 87.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (1)

telegram/telegram 5.10.0 (2 CPE variants)

Published Aug 23, 2019

Tracked Since Feb 18, 2026