CVE-2021-41861
Summary
| CVE | CVE-2021-41861 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-10-04 03:15:00 UTC |
| Updated | 2021-10-08 17:28:00 UTC |
| Description | The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Version history | MISC | desktop.telegram.org | |
| pikabu.ru/story/konfidentsialnost_polzovateley_telegram_snova_narushena... | MISC | pikabu.ru | |
| Автоудаление, виджеты и временные ссылки для приглашений | MISC | telegram.org | |
| Конфиденциальность пользователей Telegram снова нарушена. Представители мессенджера требуют не раскрывать подробностей / Хабр | MISC | habr.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 630755 Telegram For Android Insufficient Information Vulnerability