exploitDog

GHSA-69hr-vv26-mcwr

Опубликовано: 05 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack.

Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack.

Ссылки

EPSS

Процентиль: 19%

0.00061

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-319

Связанные уязвимости

CVE-2023-42579

CVSS3: 6.5

nvd

около 2 лет назад

Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack.

EPSS

Процентиль: 19%

0.00061

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-319