CVE-2018-11242

Name of the Vulnerable Software and Affected Versions MakeMyTrip version 7.2.4

Description An issue in the application allows for sensitive information disclosure due to the lack of encryption of locally stored databases. The databases contain cleartext data, which can be accessed through specific files, such as data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.

Recommendations For version 7.2.4, consider encrypting the locally stored databases to prevent sensitive information disclosure. As a temporary workaround, restrict access to the data/com.makemytrip/databases and data/com.makemytrip/Cache directories to minimize the risk of exploitation.