CVE-2024-6294 LOW

CVE-2024-6294: udn News App - Sensitive Information Exposure

Vendor Udn

Product udn News App

Weakness CWE-200 · Info exposure

Published June 25, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

3.9/10

Attack vector Physical

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn.

Key dates

02Disclosure timeline

June 25, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-6294

Related vulnerabilities

CVE-2024-6294: udn News App - Sensitive Information Exposure

01Description

02Disclosure timeline

03References

04Related CVE