CVE-2024-6295 Information

Description

udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Reference

https://www.twcert.org.tw/tw/cp-132-7894-aebd8-1.html https://www.twcert.org.tw/en/cp-139-7895-80dac-2.html

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

3.9