MEDIUM 5.3
CVE-2019-15514
The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| telegram | telegram | Android | — | cpe:2.3:a:telegram:telegram:5.10.0:*:*:*:*:android:*:* |
| telegram | telegram | iOS | — | cpe:2.3:a:telegram:telegram:5.10.0:*:*:*:*:iphone_os:*:* |