vulnrichment / Jpcert / VULNRICHMENT:CVE-2024-36279
History: Jun 17, 2024 - 7:34 a.m.

CVE-2024-36279

2024-06-17 07:34:09
jpcert
github.com
freefrom
nostr client
android
ios
manipulation
direct messages
security issue
encryption
integrity checking

AI Score: 6.7
Confidence: Low

SSVC
Exploitation: none
Automatable: no
Technical Impact: total

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in “FreeFrom - the nostr client” App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:freefrom_kk:freefrom_the_nostr_client_app:*:*:*:*:*:*:*:*"
    ],
    "vendor": "freefrom_kk",
    "product": "freefrom_the_nostr_client_app",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.3.5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
