CVE-2020-1905
06.10.2020, 18:15
Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated.Enginsight
Common Weakness Enumeration
- CWE-340 - Generation of Predictable Numbers or IdentifiersThe product uses a scheme that generates numbers or identifiers that are more predictable than required.
- CWE-330 - Use of Insufficiently Random ValuesThe software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.