PT-2023-14166 · Ryde · Ryde
Published: 2023-01-06 · Updated: 2023-01-11
CVE-2022-42979
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RYDE application version 5.8.43
Description
Insecure hostname validation in the RYDE application leads to information disclosure and allows attackers to take over an account via a deep link. The issue can be exploited in the RYDE application for both Android and iOS.
Recommendations
For RYDE application version 5.8.43, consider disabling deep link functionality until a patch is available to prevent account takeover. Restrict access to sensitive account information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Information Disclosure
Improper Certificate Validation
Related Identifiers
Affected Products
Ryde