CVE-2020-1902

HIGH

WhatsApp 2.20.108-2.20.140 & 2.20.35-2.20.49 Cleartext Transmission via Quick Search

Title source: llm
STIX 2.1

Description

A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.whatsapp.com/security/advisories/2020/

Scores

CVSS v3 7.5
EPSS 0.0066
EPSS Percentile 46.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200 CWE-319
Status published
Products (2)
whatsapp/whatsapp 2.20.108 - 2.20.140
whatsapp/whatsapp_business 2.20.35 - 2.20.49
Published Oct 06, 2020
Tracked Since Feb 18, 2026