Vulnerabilities > CVE-2021-41861 - Unspecified vulnerability in Telegram
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
References
- https://desktop.telegram.org/changelog#v-2-6-23-02-21
- https://desktop.telegram.org/changelog#v-2-6-23-02-21
- https://habr.com/ru/post/580582/
- https://habr.com/ru/post/580582/
- https://pikabu.ru/story/konfidentsialnost_polzovateley_telegram_snova_narushena_predstaviteli_messendzhera_trebuyut_ne_raskryivat_podrobnostey_8511495
- https://pikabu.ru/story/konfidentsialnost_polzovateley_telegram_snova_narushena_predstaviteli_messendzhera_trebuyut_ne_raskryivat_podrobnostey_8511495
- https://telegram.org/blog/autodelete-inv2/ru#avtomaticheskoe-udalenie-soobschenii
- https://telegram.org/blog/autodelete-inv2/ru#avtomaticheskoe-udalenie-soobschenii