CVE-2022-41797

Опубликовано: 24 окт. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.

Ссылки

https://apps.apple.com/jp/app/lemon8/id1498607143
Product
Third Party Advisory
https://jvn.jp/en/jp/JVN10921428/index.html
Third Party Advisory
https://play.google.com/store/apps/details?id=com.bd.nproject&hl=ja&gl=US
Product
Third Party Advisory
https://apps.apple.com/jp/app/lemon8/id1498607143
Product
Third Party Advisory
https://jvn.jp/en/jp/JVN10921428/index.html
Third Party Advisory
https://play.google.com/store/apps/details?id=com.bd.nproject&hl=ja&gl=US
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:lemon8_project:lemon8:*:*:*:*:*:android:*:*

Версия до 3.3.5 (исключая)

cpe:2.3:a:lemon8_project:lemon8:*:*:*:*:*:iphone_os:*:*

Версия до 3.3.5 (исключая)

EPSS

Процентиль: 61%

0.00416

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-9phr-845q-6wwg