CVE-2024-6295

Published Jun 25, 2024

Last updated 8 months ago

CVSS low 3.9

Overview

Description
udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn.
Source
twcert@cert.org.tw
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
3.9
Impact score
3.6
Exploitability score
0.3
Vector string
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity
LOW

Weaknesses

twcert@cert.org.tw
CWE-922

Social media

Hype score
Not currently trending

References