Lucene search

TwcertCVELIST:CVE-2022-39043

HistoryMar 27, 2023 - 12:00 a.m.

CVE-2022-39043 Juiker app - Information Leakage

2023-03-2700:00:00

CWE-200

twcert

www.cve.org

juiker app

information leakage

debug logs

sensitive information

external storage

mobile

unauthenticated physical attacker

personal contacts

2.4 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts.

CNA Affected

[
  {
    "vendor": "Juiker",
    "product": "Juiker app",
    "versions": [
      {
        "version": "4.6.0607.1",
        "status": "affected"
      }
    ],
    "platforms": [
      "Android"
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6922-4a37a-1.html

2.4 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

Related for CVELIST:CVE-2022-39043