Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistCheckpointCVELIST:CVE-2023-28131
HistoryApr 24, 2023 - 12:00 a.m.

CVE-2023-28131

2023-04-2400:00:00
checkpoint
www.cve.org
3
vulnerability
expo.io
framework
account takeover
credential theft
malicious link

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

67.8%

JSON

A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the β€œExpo AuthSession Redirect Proxy” for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).

CNA Affected

[
  {
    "vendor": "Expo.io",
    "product": "Expo AuthSession module",
    "versions": [
      {
        "version": "All versions prior to SDK 48.* (Affected SDK 45.*, 46.* and 47.*)",
        "status": "affected"
      }
    ]
  }
]

Related

prion 1
nvd 1
cve 1
thn 1
wallarmlab 1
prion
prion
Design/Logic Flaw
2023-04-24 05:15:00
nvd
nvd
CVE-2023-28131
2023-04-24 05:15:08
cve
cve
CVE-2023-28131
2023-04-24 05:15:08
thn
thn
Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking
2023-05-27 07:45:00
wallarmlab
wallarmlab
OWASP APIsec Top-10 2023 Is HereΒ | API Security Newsletter
2023-06-15 14:33:48

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

67.8%

JSON
Related for CVELIST:CVE-2023-28131
prion1nvd1cve1thn1wallarmlab1