Vulnerability Description
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversation and media files.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Telegram | Telegram Desktop | <= 2.4.3 |
Related Weaknesses (CWE)
References
- https://github.com/soheilsamanabadi/vulnerability/blob/main/Telegram-Desktop-CVEThird Party Advisory
- https://github.com/telegramdesktop/tdesktop/releases/tag/v2.4.3Release NotesThird Party Advisory
- https://security.gentoo.org/glsa/202101-34Third Party Advisory
- https://www.Telegram.orgProduct
- https://github.com/soheilsamanabadi/vulnerability/blob/main/Telegram-Desktop-CVEThird Party Advisory
- https://github.com/telegramdesktop/tdesktop/releases/tag/v2.4.3Release NotesThird Party Advisory
- https://security.gentoo.org/glsa/202101-34Third Party Advisory
- https://www.Telegram.orgProduct
FAQ
What is CVE-2020-25824?
CVE-2020-25824 is a vulnerability with a CVSS score of 2.4 (LOW). Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard...
How severe is CVE-2020-25824?
CVE-2020-25824 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-25824?
Check the references section above for vendor advisories and patch information. Affected products include: Telegram Telegram Desktop.