PT-2021-14152 · Gurunavi · Gurunavi App For Ios+1

Ryo Sato

Published

2021-04-26

Updated

2022-07-12

CVE-2021-20693

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Gurunavi App for Android versions 10.0.10 and earlier Gurunavi App for iOS versions 11.1.2 and earlier

Description: The issue allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. This is due to an improper access control vulnerability.

Recommendations: For Gurunavi App for Android versions 10.0.10 and earlier, update to a version later than 10.0.10 to resolve the issue. For Gurunavi App for iOS versions 11.1.2 and earlier, update to a version later than 11.1.2 to resolve the issue.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2021-20693

Affected Products

Gurunavi App For Android

Gurunavi App For Ios

PT-2021-14152 · Gurunavi · Gurunavi App For Ios+1

CVE-2021-20693

Weakness Enumeration

Related Identifiers

Affected Products

References · 4