Information disclosure in TikTok - CVE-2019-14319

 


Published: September 5, 2019 / Updated: August 15, 2020


Vulnerability identifier: #VU20889
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-14319
CWE-ID: CWE-200
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: ByteDance
Affected software:
TikTok

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the affected application transmits images, videos, and likes without encryption. An attacker on the same Wi-Fi network can extract private, sensitive information by sniffing network traffic.




How to mitigate CVE-2019-14319

Install the update from the vendor's website.
