ID HACKAPP:COM.SOFTCOIL.CHATTR.APK
Type hackapp
Reporter Hackapp.org
Modified 2017-02-20T08:52:41
Description
HackApp vulnerability scanner discovered that application Chattr Messenger published at the 'play' market has multiple vulnerabilities.
{"title": "Chattr Messenger - Dynamic Code Loading, Exported ContentProvider, External URLs vulnerabilities", "published": "2017-02-20T08:52:41", "references": ["https://play.google.com/store/apps/details?id=com.softcoil.chattr&hl=en"], "hackapp": {"link": "https://play.google.com/store/apps/details?id=com.softcoil.chattr&hl=en", "store": "play", "release": "2015-09-17T00:00:00", "icon": "http://lh5.ggpht.com/k2E9Tcw-zrVp9_3Ph6Og508FaTFsD9ti5EdpqKqPeeiG-HCrVQJrXPERIzfEKNy87jFa=w300", "version": "1.0.50", "vendor": "SoftCoil Development, LLC", "name": "Chattr Messenger", "bugs": [{"id": "c88fe1a3859ab0031aa554aadd67d30b", "description": "Exported ContentProvider is available to other apps.", "name": "Exported ContentProvider", "severity": "critical"}, {"id": "9ea8769004bc540c3cff871d4f768cb0", "description": "Control of WebView context allows to access local files.\n\t\t\t", "name": "WebView files access", "severity": "medium"}, {"id": "2a5eb290c295cb6041f06305bd810317", "description": "Where do they point?", "name": "External URLs", "severity": "notice"}, {"id": "1c9f1086734f9de632674e16ee25d906", "description": "SD-cards and other external storages have 'worldwide read' policy.", "name": "SD-card access", "severity": "medium"}, {"id": "07988fc0efd59691719ec560e4d756fd", "description": "All items deleted with 'file.delete()' could be recovered.", "name": "Unsafe deleting", "severity": "notice"}, {"id": "7e5ad89c97f801107389943f79853d93", "description": "WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.", "name": "WebView JavaScript enabled", "severity": "medium"}, {"id": "c0aaba7fa86b90275db0bf71e938c303", "description": "Code for 'DexClassLoader' could be tampered.", "name": "Dynamic Code Loading", "severity": "medium"}], "apk": "COM.SOFTCOIL.CHATTR.APK"}, "type": "hackapp", "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2017-02-20T09:05:07"}, "dependencies": {"references": [], "modified": "2017-02-20T09:05:07"}, "vulnersScore": 0.4}, "cvelist": [], "viewCount": 2, "affectedSoftware": [{"version": "1.0.50", "name": "Chattr Messenger", "operator": "le"}], "hash": "0daebde1992130feb2ba09c935029fa7e1ff7160bcefe1c41c8f57f6585bbb5d", "id": "HACKAPP:COM.SOFTCOIL.CHATTR.APK", "modified": "2017-02-20T08:52:41", "history": [], "href": "https://hackapp.com/report/0a630723030788d4d1d6f11f04aef269", "hashmap": [{"hash": "54bc82276113f2ab478aa160d0d52ceb", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "a71296445a5ff95bdff27f6986810b14", "key": "description"}, {"hash": "56bca6ada7e4a968b18d98c60db28cd9", "key": "hackapp"}, {"hash": "bef542aaede9e11009e7aae0efa8bad8", "key": "href"}, {"hash": "f818544790e08a42f6001794bf607f56", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "f818544790e08a42f6001794bf607f56", "key": "published"}, {"hash": "40f965489d5823505d80a72d381732fb", "key": "references"}, {"hash": "3b012aae1848bb95fe11f3cebae83cb0", "key": "reporter"}, {"hash": "f7c04c4d8a7ae1c521c37052082e8aad", "key": "title"}, {"hash": "96e87ef1fcc8d9d3cdd337488987c423", "key": "type"}], "objectVersion": "1.2", "edition": 1, "description": "HackApp vulnerability scanner discovered that application Chattr Messenger published at the 'play' market has multiple vulnerabilities.", "bulletinFamily": "software", "reporter": "Hackapp.org", "cvss": {"vector": "NONE", "score": 0.0}, "lastseen": "2017-02-20T09:05:07"}
{}
