Products
udn News Android APP
Source
twcert@cert.org.tw
Tags
CVE-2024-6294 details
Published : June 25, 2024, 2:15 a.m.
Last Modified : June 25, 2024, 12:24 p.m.
Last Modified : June 25, 2024, 12:24 p.m.
Description
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn.
CVSS Score
| 1 | 2 | 3.9 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
CVSS Data
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
3.9
Exploitability Score
0.3
Impact Score
3.6
Base Severity
LOW
Vector String : CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References
| URL | Source |
|---|---|
| https://www.twcert.org.tw/en/cp-139-7893-43ecd-2.html | twcert@cert.org.tw |
| https://www.twcert.org.tw/tw/cp-132-7892-aafd2-1.html | twcert@cert.org.tw |
This website uses the NVD API, but is not approved or certified by it.