CVE-2024-6295 LOW

CVE-2024-6295: udn News App - Insecure Data Storage

Vendor Udn
Product udn News App
Weakness CWE-922
Published June 25, 2024
Last update August 1, 2024

CVSS base score

3.9/10
Attack vector Physical
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn.

Key dates

02Disclosure timeline

June 25, 2024 CVE published
August 1, 2024 Record updated