Lucene search

Veracode Vulnerability DatabaseVERACODE:46269

HistoryApr 08, 2024 - 6:26 a.m.

Intent Redirection

2024-04-0806:26:51

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

intent redirection

vulnerability

android application.

CVSS2

4.3

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.7

Confidence

High

EPSS

Percentile

15.5%

JSON

@kyivstarteam/react-native-sms-user-consent is vulnerable to Intent Redirection vulnerability. The vulnerability is due to improper export of android application components due to a flaw in the registerReceiver function.

References

github.com/kyivstarteam/react-native-sms-user-consent/commit/5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7

github.com/kyivstarteam/react-native-sms-user-consent/pull/4

github.com/kyivstarteam/react-native-sms-user-consent/releases/tag/1.1.5

vuldb.com/?ctiid.259508

vuldb.com/?id.259508

CVSS2

4.3

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.7

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for VERACODE:46269