Lucene search

JpcertCVE-2023-22362

HistoryFeb 13, 2023 - 2:21 a.m.

CVE-2023-22362

2023-02-1302:21:07

CWE-532

jpcert

web.nvd.nist.gov

cve-2023-22362

sushiro

android

log file

security vulnerability

sensitive information

credential exposure

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

55.3%

JSON

SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1

Affected configurations

Nvd

Vulners

Node

akindo-sushirohong_kong_sushiroMatch3.0.3android

akindo-sushirosingapore_sushiroMatch2.0.3android

akindo-sushirosushiroMatch4.0.31android

akindo-sushirotaiwan_sushiroMatch2.0.3android

akindo-sushirothailand_sushiroMatch2.0.3android

VendorProductVersionCPE
akindo-sushirohong_kong_sushiro3.0.3cpe:2.3:a:akindo-sushiro:hong_kong_sushiro:3.0.3:*:*:*:*:android:*:*
akindo-sushirosingapore_sushiro2.0.3cpe:2.3:a:akindo-sushiro:singapore_sushiro:2.0.3:*:*:*:*:android:*:*
akindo-sushirosushiro4.0.31cpe:2.3:a:akindo-sushiro:sushiro:4.0.31:*:*:*:*:android:*:*
akindo-sushirotaiwan_sushiro2.0.3cpe:2.3:a:akindo-sushiro:taiwan_sushiro:2.0.3:*:*:*:*:android:*:*
akindo-sushirothailand_sushiro2.0.3cpe:2.3:a:akindo-sushiro:thailand_sushiro:2.0.3:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
akindo-sushiro	hong_kong_sushiro	3.0.3	cpe:2.3:a:akindo-sushiro:hong_kong_sushiro:3.0.3:::::android::
akindo-sushiro	singapore_sushiro	2.0.3	cpe:2.3:a:akindo-sushiro:singapore_sushiro:2.0.3:::::android::
akindo-sushiro	sushiro	4.0.31	cpe:2.3:a:akindo-sushiro:sushiro:4.0.31:::::android::
akindo-sushiro	taiwan_sushiro	2.0.3	cpe:2.3:a:akindo-sushiro:taiwan_sushiro:2.0.3:::::android::
akindo-sushiro	thailand_sushiro	2.0.3	cpe:2.3:a:akindo-sushiro:thailand_sushiro:2.0.3:::::android::

CNA Affected

[
  {
    "vendor": "AKINDO SUSHIRO CO., LTD.",
    "product": "SUSHIRO App for Android",
    "versions": [
      {
        "version": "SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN84642320/

play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp

play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp

play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp

play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp

play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

55.3%

JSON

Related for CVE-2023-22362