CVE-2020-1905
06.10.2020, 18:15
Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Common Weakness Enumeration
- CWE-340 - Generation of Predictable Numbers or IdentifiersThe product uses a scheme that generates numbers or identifiers that are more predictable than required.
- CWE-330 - Use of Insufficiently Random ValuesThe software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.