CVE-2024-2045

Published March 1st, 2024

View on NVD ↗

CVSS v3

5.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments.

oxen-io/session-android

Session Android - Onion routing based messenger [DEPRECATED SEE README]

GitHub

1.94K