exploitDog

CVE-2022-46081

Опубликовано: 04 янв. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the LiveTrack API service is not a customer-controlled product.

Ссылки

https://www.samwallace.dev/research/Harvesting%20Emails%20with%20Expired%20Garmin%20LiveTrack%20Sessions
Exploit
Third Party Advisory
https://www.samwallace.dev/research/Harvesting%20Emails%20with%20Expired%20Garmin%20LiveTrack%20Sessions
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:garmin:connect:4.61:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.003

Низкий

7.5 High

CVSS3

Дефекты

CWE-200

CWE-200

Связанные уязвимости

GHSA-4q2q-9g24-gmxw

CVSS3: 7.5

github

около 3 лет назад

In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information.

EPSS

Процентиль: 53%

0.003

Низкий

7.5 High

CVSS3

Дефекты

CWE-200

CWE-200