Description
The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-10570
Scores
CVSS v3
6.1
EPSS
0.0007
EPSS Percentile
20.6%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
Status
published
Products (1)
telegram/telegram
< 5.12.0
Published
Mar 24, 2020
Tracked Since
Feb 18, 2026