CVE-2024-6294 Vulnerability Details

  /     /     /  

CVE-2024-6294 Metadata Quick Info

CVE Published: 25/06/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: twcert | Vendor: udn | Product: udn News App
Status : PUBLISHED

---

CVE-2024-6294 Description

udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn.

Metrics

CVSS Version: 3.1 | Base Score: 3.9 LOW
Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* PHYSICAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Source: udn

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-155
CAPEC Description: CAPEC-155 Screen Temporary Files for Sensitive Information


Source: NVD (National Vulnerability Database).