{"api_version":"1","generated_at":"2026-04-30T09:15:42+00:00","cve":"CVE-2018-3988","urls":{"html":"https://cve.report/CVE-2018-3988","api":"https://cve.report/api/cve/CVE-2018-3988.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-3988","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-3988"},"summary":{"title":"CVE-2018-3988","description":"Signal Messenger for Android 4.24.8 may expose private information when using \"disappearing messages.\" If a user uses the photo feature available in the \"attach file\" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.","state":"PUBLIC","assigner":"talos-cna@cisco.com","published_at":"2018-12-10 17:29:00","updated_at":"2023-02-03 01:36:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656","name":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"TALOS-2018-0656 ||  Cisco Talos Intelligence Group - Comprehensive Threat Intelligence","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106207","name":"106207","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Signal Messenger CVE-2018-3988 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-3988","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3988","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"3988","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"signal","cpe5":"messenger","cpe6":"4.24.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"3988","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"signal","cpe5":"messenger","cpe6":"4.24.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"3988","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"signal","cpe5":"private_messenger","cpe6":"4.24.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"talos-cna@cisco.com","ID":"CVE-2018-3988","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Signal","version":{"version_data":[{"version_value":"Signal Messenger Android 4.24.8"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Signal Messenger for Android 4.24.8 may expose private information when using \"disappearing messages.\" If a user uses the photo feature available in the \"attach file\" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"privacy violation"}]}]},"references":{"reference_data":[{"name":"106207","refsource":"BID","url":"http://www.securityfocus.com/bid/106207"},{"name":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656","refsource":"MISC","url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656"}]},"impact":{"cvss":{"baseScore":3.3,"baseSeverity":"Low","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","version":"3.0"}}},"nvd":{"publishedDate":"2018-12-10 17:29:00","lastModifiedDate":"2023-02-03 01:36:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":1,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":1.9},"severity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:signal:private_messenger:4.24.8:*:*:*:*:android:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"3988","Ordinal":"119902","Title":"CVE-2018-3988","CVE":"CVE-2018-3988","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"3988","Ordinal":"1","NoteData":"Signal Messenger for Android 4.24.8 may expose private information when using \"disappearing messages.\" If a user uses the photo feature available in the \"attach file\" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"3988","Ordinal":"2","NoteData":"2018-12-10","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"3988","Ordinal":"3","NoteData":"2018-12-15","Type":"Other","Title":"Modified"}]}}}