#VU35918 Information disclosure in WhatsApp Messenger for Android - CVE-2019-3566
Published: May 10, 2019 / Updated: August 8, 2020
Vulnerability identifier: #VU35918
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-3566
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
WhatsApp Messenger for Android
Software vendor:
WhatsApp
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which is not publicly available. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38.
Remediation
Install the update from the vendor's website.