Lucene search

K
cvelistJpcertCVELIST:CVE-2024-23388
HistoryJan 26, 2024 - 7:07 a.m.

CVE-2024-23388

2024-01-2607:07:23
jpcert
www.cve.org
cve-2024-23388
improper authorization
mercari
android
phishing attack

0.001 Low

EPSS

Percentile

25.2%

Improper authorization in handler for custom URL scheme issue in β€œMercari” App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.

CNA Affected

[
  {
    "vendor": "Mercari, Inc.",
    "product": "\"Mercari\" App for Android",
    "versions": [
      {
        "version": "prior to version 5.78.0",
        "status": "affected"
      }
    ]
  }
]

0.001 Low

EPSS

Percentile

25.2%

Related for CVELIST:CVE-2024-23388