PT-2023-23475 · Albis · Albis
Published
2023-07-13
·
Updated
2023-07-21
·
CVE-2023-31821
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ALBIS version 13.6.1
Description
An issue in ALBIS allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp ALBIS function.
Recommendations
For version 13.6.1, consider restricting access to the miniapp ALBIS function until a patch is available. As a temporary workaround, avoid using the channel access token in the miniapp ALBIS function to minimize the risk of exploitation.
Exploit
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Albis