Unrated severityNVD Advisory· Published Dec 24, 2018· Updated Aug 5, 2024

CVE-2018-20436

Description

The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconfiguration of the "Secret chats > Preview links" setting

Affected products

Telegramdesktop/Telegram Web-versionllm-create
Range: = 0.7.0
Telegramdesktop/Telegram Androidllm-fuzzy
Range: = 4.9.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

misteralfa-hack.blogspot.com/2018/12/abusando-de-telegram-para-conseguir-una.htmlmitrex_refsource_MISC
misteralfa-hack.blogspot.com/2018/12/telegram-siempre-in-middle.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000