PT-2022-8659 · Sina · Sina Weibo Android Sdk

Pokerfacett

Published

2022-04-05

Updated

2022-07-12

CVE-2020-23349

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Sina Weibo Android SDK version 4.2.7

Description An intent redirection issue was discovered in the Sina Weibo Android SDK, specifically in the com.sina.weibo.sdk.share.WbShareTransActivity component. This issue allows any unexported Activities to be started by the com.sina.weibo.sdk.share.WbShareTransActivity.

Recommendations For Sina Weibo Android SDK version 4.2.7, consider restricting access to the com.sina.weibo.sdk.share.WbShareTransActivity to prevent unauthorized starts of unexported Activities until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-23349

Affected Products

Sina Weibo Android Sdk

PT-2022-8659 · Sina · Sina Weibo Android Sdk

CVE-2020-23349

Related Identifiers

Affected Products

References · 5