CVE-2022-42979

2023-01-0600:00:00

mitre

www.cve.org

information disclosure

hostname validation

ryde app

account takeover

deep link

8.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.8%

JSON

Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link.

References

medium.com/%40jalee0606/how-i-found-my-first-one-click-account-takeover-via-deeplink-in-ryde-5406010c36d8