CVE-2020-1889Whatsapp Desktop vulnerability

CWE-2653 documents3 sources
Severity
10.0CRITICALNVD
EPSS
0.6%
top 30.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Facebook Whatsapp DesktopWhatsapp Desktop
Timeline
PublishedSep 3
Latest updateMay 24

Description

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

CVEListV5facebook/whatsapp_desktopunspecified0.3.4932+1

🔴Vulnerability Details

2
GHSA
GHSA-27x9-jh87-vrp8: A security feature bypass issue in WhatsApp Desktop versions prior to v02022-05-24
CVEList
CVE-2020-1889: A security feature bypass issue in WhatsApp Desktop versions prior to v02020-09-03
CVE-2020-1889 — Facebook Whatsapp Desktop vulnerability | cvebase