CVE-2022-39870

Name of the Vulnerable Software and Affected Versions SmartThings versions prior to 1.7.89.0

Description The issue is related to an improper access control vulnerability in the cloudNotificationManager.java file. This vulnerability allows attackers to access sensitive information via the PUSH MESSAGE RECEIVED broadcast.

Recommendations For versions prior to 1.7.89.0, update to version 1.7.89.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the cloudNotificationManager.java file or disabling the PUSH MESSAGE RECEIVED broadcast until a patch is available.