CVE-2020-15165

Опубликовано: 28 авг. 2020

Источник: nvd

CVSS3: 9.3

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory.

Ссылки

https://github.com/maxieds/ChameleonMiniLiveDebugger/security/advisories/GHSA-8q77-7hq8-f7g6
Exploit
Third Party Advisory
https://play.google.com/store/apps/details?id=com.maxieds.chameleonminilivedebugger&hl=en_US
Product
Third Party Advisory
https://github.com/maxieds/ChameleonMiniLiveDebugger/security/advisories/GHSA-8q77-7hq8-f7g6
Exploit
Third Party Advisory
https://play.google.com/store/apps/details?id=com.maxieds.chameleonminilivedebugger&hl=en_US
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chameleon_mini_live_debugger_project:chameleon_mini_live_debugger:1.1.6:*:*:*:*:android:*:*

EPSS

Процентиль: 42%

0.00199

Низкий

9.3 Critical

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-506

EPSS

Процентиль: 42%

0.00199

Низкий

9.3 Critical

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-506