PT-2023-28766 · Line · Da Butchers Mini-App

Published

2023-12-07

Updated

2023-12-11

CVE-2023-43299

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions DA BUTCHERS mini-app on Line version 13.6.1

Description An issue in the DA BUTCHERS mini-app on Line allows attackers to send crafted malicious notifications via leakage of the channel access token. This leakage enables attackers to exploit the system.

Recommendations For DA BUTCHERS mini-app on Line version 13.6.1, consider restricting access to the mini-app until a patch is available to prevent the leakage of the channel access token. As a temporary workaround, avoid using the mini-app for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-43299

Affected Products

Da Butchers Mini-App

PT-2023-28766 · Line · Da Butchers Mini-App

CVE-2023-43299

Related Identifiers

Affected Products

References · 6