Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: facebook

Published:

Updated: 2024-08-04T06:53:59.620Z

Reserved: 2019-12-02T00:00:00

Link: CVE-2020-1905

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-10-06T18:15:16.580

Modified: 2024-11-21T05:11:35.110

Link: CVE-2020-1905

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.