PT-2023-23477 · Unknown · Marui Official App
Published
2023-07-13
·
Updated
2023-07-25
·
CVE-2023-31823
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Marui Official app version 13.6.1
Description
The issue allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function.
Recommendations
For version 13.6.1, consider restricting access to the miniapp Marui Official Store function until a patch is available. As a temporary workaround, avoid using the channel access token in the affected function to minimize the risk of exploitation.
Exploit
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Marui Official App