PT-2023-21688 · Unknown · Newspicks App
Sunagawa Masanori
·
Published
2023-06-30
·
Updated
2023-07-07
·
CVE-2023-28387
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
NewsPicks App for Android versions 10.4.5 and earlier
NewsPicks App for iOS versions 10.4.2 and earlier
Description
The issue is related to hard-coded credentials in the NewsPicks App, which may allow a local attacker to analyze data in the app and obtain an API key for an external service.
Recommendations
For NewsPicks App for Android versions 10.4.5 and earlier, update to a version later than 10.4.5 to resolve the issue.
For NewsPicks App for iOS versions 10.4.2 and earlier, update to a version later than 10.4.2 to resolve the issue.
As a temporary workaround, consider restricting access to sensitive data within the app until a patch is available.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Newspicks App