PT-2020-15156 · Whatsapp · Whatsapp Business For Android

Published: 2020-10-06 · Updated: 2021-09-14 · CVE-2020-1902

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WhatsApp for Android versions 2.20.108 through 2.20.140
WhatsApp Business for Android versions 2.20.35 through 2.20.49

Description

A user running a quick search on a highly forwarded message could have been sent to the Google service over plain HTTP, potentially exposing sensitive information.

Recommendations

For WhatsApp for Android versions 2.20.108 through 2.20.140, update to a version outside of this range to ensure secure communication.
For WhatsApp Business for Android versions 2.20.35 through 2.20.49, update to a version outside of this range to prevent data exposure over plain HTTP.

Fix

Cleartext Transmission of Sensitive Information

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2020-1902

Affected Products

Google
Whatsapp Business For Android
Whatsapp For Android