PT-2018-14810 · Google+1 · Google Cardboard+1

Published

2018-11-08

Updated

2019-10-03

CVE-2018-19111

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Google Cardboard application version 1.8 for Android Google Cardboard application version 1.2 for iOS

Description The issue concerns the transmission of potentially private cleartext information to the Unity 3D Stats web site. This includes details such as device make, model, and OS.

Recommendations For Google Cardboard application version 1.8 on Android, consider restricting access to sensitive device information until a patch is available. For Google Cardboard application version 1.2 on iOS, consider restricting access to sensitive device information until a patch is available.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2018-19111

Affected Products

Google Cardboard

Unity 3D

PT-2018-14810 · Google+1 · Google Cardboard+1

CVE-2018-19111

Weakness Enumeration

Related Identifiers

Affected Products

References · 3