{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T02:31:40.544","vulnerabilities":[{"cve":{"id":"CVE-2024-2045","sourceIdentifier":"help@fluidattacks.com","published":"2024-03-01T00:15:52.493","lastModified":"2025-05-19T17:15:22.250","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Session version 1.17.5 allows obtaining internal application files and public\n\nfiles from the user's device without the user's consent. This is possible\n\nbecause the application is vulnerable to Local File Read via chat attachments."},{"lang":"es","value":"La versión de sesión 1.17.5 permite obtener archivos de aplicaciones internas y archivos públicos del dispositivo del usuario sin el consentimiento del usuario. Esto es posible porque la aplicación es vulnerable a la lectura de archivos locales a través de archivos adjuntos del chat."}],"metrics":{"cvssMetricV31":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opft:session:1.17.5:*:*:*:*:android:*:*","matchCriteriaId":"E955A49B-FF35-4AC4-AD90-E7F17EE69811"}]}]}],"references":[{"url":"https://fluidattacks.com/advisories/newman/","source":"help@fluidattacks.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/oxen-io/session-android/","source":"help@fluidattacks.com","tags":["Product"]},{"url":"https://fluidattacks.com/advisories/newman/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/oxen-io/session-android/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}