CVE-2020-1902 — Sensitive Information Exposure in Whatsapp Business FOR Android

CWE-200 — Sensitive Information Exposure CWE-319 — Cleartext Transmission of Sensitive Info2 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 59.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Facebook Whatsapp Business FOR Android Facebook Whatsapp FOR Android Whatsapp +1 more

Timeline

PublishedOct 6

Latest updateMay 24

Description

A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5facebook/whatsapp_business_for_androidunspecified — 2.20.49+1

▶CVEListV5facebook/whatsapp_for_androidunspecified — 2.20.140+1

▶NVDwhatsapp/whatsapp_business2.20.35 — 2.20.49

▶NVDwhatsapp/whatsapp2.20.108 — 2.20.140

🔴Vulnerability Details

GHSA

GHSA-mp88-95vj-8f9m: A user running a quick search on a highly forwarded message on WhatsApp for Android from v2↗2022-05-24

▶