Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.whatsapp.com/security/advisories/2020/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: facebook
Published: 2020-10-06T17:35:26
Updated: 2024-08-04T06:53:59.620Z
Reserved: 2019-12-02T00:00:00
Link: CVE-2020-1905
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-10-06T18:15:16.580
Modified: 2024-11-21T05:11:35.110
Link: CVE-2020-1905
Redhat
No data.