Information disclosure in Facebook Whatsapp Business For Android

CVE-2020-1902

A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP.

Vulnerability class: Information Disclosure

EPSS: 0.002 (40.3th percentile) — read the EPSS interpretation.

Affected products

Facebook Whatsapp Business For Android — versions 2.20.49, unspecified
Facebook Whatsapp For Android — versions 2.20.140, unspecified

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

www.whatsapp.com/security/advisories/2020/ (x_refsource_CONFIRM)