Lucene search

[email protected]NVD:CVE-2023-28387

HistoryJun 30, 2023 - 7:15 a.m.

CVE-2023-28387

2023-06-3007:15:08

CWE-798

[email protected]

web.nvd.nist.gov

newspicks

android

ios

hard-coded credentials

local attacker

data analysis

api key

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

“NewsPicks” App for Android versions 10.4.5 and earlier and “NewsPicks” App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service.

Affected configurations

Nvd

Node

uzabasenewspicksRange≤10.4.2iphone_os

uzabasenewspicksRange≤10.4.5android

VendorProductVersionCPE
uzabasenewspicks*cpe:2.3:a:uzabase:newspicks:*:*:*:*:*:iphone_os:*:*
uzabasenewspicks*cpe:2.3:a:uzabase:newspicks:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
uzabase	newspicks	*	cpe:2.3:a:uzabase:newspicks::::::iphone_os::*
uzabase	newspicks	*	cpe:2.3:a:uzabase:newspicks::::::android::*

References

apps.apple.com/us/app/%E3%83%8B%E3%83%A5%E3%83%BC%E3%82%BA%E3%83%94%E3%83%83%E3%82%AF%E3%82%B9-%E3%83%93%E3%82%B8%E3%83%8D%E3%82%B9%E3%81%AB%E5%BD%B9%E7%AB%8B%E3%81%A4%E7%B5%8C%E6%B8%88%E3%83%8B%E3%83%A5%E3%83%BC%E3%82%B9%E3%82%A2%E3%83%97%E3%83%AA/id640956497

jvn.jp/en/jp/JVN32739265/

play.google.com/store/apps/details?id=com.newspicks

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-28387

cve1 jvn1 cvelist1 prion1