Vulnerabilities > CVE-2019-16248 - Unspecified vulnerability in Telegram
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient's copy of a previously sent message).
Vulnerable Configurations
References
- https://github.com/RootUp/PersonalStuff/blob/master/Telegram_Privacy.pdf
- https://github.com/RootUp/PersonalStuff/blob/master/Telegram_Privacy.pdf
- https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html
- https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html
- https://www.openwall.com/lists/oss-security/2019/09/09/2
- https://www.openwall.com/lists/oss-security/2019/09/09/2