Vulnerabilities > CVE-2024-2045 - Unspecified vulnerability in Opft Session 1.17.5

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

opft

NVD

Published: 2024-03-01

Updated: 2025-03-04

Summary

Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments.

Vulnerable Configurations

Part	Description	Count
Application	Opft Opft Session 1.17.5	1

References

https://fluidattacks.com/advisories/newman/
https://fluidattacks.com/advisories/newman/
https://github.com/oxen-io/session-android/
https://github.com/oxen-io/session-android/