CVE-2024-2045

MEDIUM

Session 1.17.5 - Local File Read via Chat Attachment

Title source: llm

Description

Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments.

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://fluidattacks.com/advisories/newman/

Product

https://github.com/oxen-io/session-android/

Scores

CVSS v3 5.5

EPSS 0.0033

EPSS Percentile 24.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

opft/session 1.17.5

Published Mar 01, 2024

Tracked Since Feb 18, 2026