MEDIUM 5.3
CVE-2019-15514
The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected mobile apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| telegram | telegram | Android | — | cpe:2.3:a:telegram:telegram:5.10.0:*:*:*:*:android:*:* |
| telegram | telegram | iOS | — | cpe:2.3:a:telegram:telegram:5.10.0:*:*:*:*:iphone_os:*:* |