CVE-2018-20436

Published: Dec 24, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconfiguration of the "Secret chats > Preview links" setting

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://misteralfa-hack.blogspot.com/2018/12/abusando-de-telegram-para-conseguir-una.html

x_refsource_MISC

https://misteralfa-hack.blogspot.com/2018/12/telegram-siempre-in-middle.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-20436

Description

Affected Products

References