CVE-2019-15514

{"id": "CVE-2019-15514", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-08-23T13:15:11.813", "references": [{"url": "https://docs.google.com/document/d/e/2PACX-1vRx2wO2kj0axlQtv2CDSjPGlRKJOHtucvpOKGFKybh2eVVGZqvt_JJv-2Q11NHn5Y4um_F4-bgA6q5v/pub", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers."}, {"lang": "es", "value": "openITCOCKPIT anterior de la versi\u00f3n 3.7.1 permite la inyecci\u00f3n de c\u00f3digo, La funci\u00f3n Privacidad> N\u00famero de tel\u00e9fono en la aplicaci\u00f3n Telegram 5.10 para Android e iOS proporciona una indicaci\u00f3n incorrecta de que el nivel de acceso es Nadie, porque los atacantes pueden encontrar estos n\u00fameros a trav\u00e9s de la funci\u00f3n Informaci\u00f3n de grupo, por ejemplo, agregando una fracci\u00f3n significativa de los n\u00fameros de tel\u00e9fono asignados de una regi\u00f3n como RVID 1-445b21."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:telegram:telegram:5.10.0:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "FF236758-2C4C-4915-B8E8-8FD3AD5483F0"}, {"criteria": "cpe:2.3:a:telegram:telegram:5.10.0:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "C5B934DA-6A87-4D46-995F-B0BA1592D069"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}