Описание
LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users return from another application, potentially allowing attackers to conduct phishing attacks by impersonating legitimate interfaces.
Ссылки
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 14.20.0 (исключая)
cpe:2.3:a:linecorp:line:*:*:*:*:*:android:*:*
EPSS
Процентиль: 6%
0.00026
Низкий
5.4 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-451
Связанные уязвимости
CVSS3: 5.4
github
около 2 месяцев назад
LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users return from another application, potentially allowing attackers to conduct phishing attacks by impersonating legitimate interfaces.
EPSS
Процентиль: 6%
0.00026
Низкий
5.4 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-451