PT-2023-28772 · Line · Park Dandan Mini-App+1
Published: 2023-12-07 · Updated: 2024-05-04 · CVE-2023-43304
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Line version 13.6.1
Description
An issue in the PARK DANDAN mini-app on Line allows attackers to send crafted malicious notifications via leakage of the channel access token.
Recommendations
For Line version 13.6.1, consider disabling the PARK DANDAN mini-app until a patch is available to prevent the leakage of the channel access token and mitigate the risk of malicious notifications.
Exploit
Fix
Authentication Bypass by Spoofing
Weakness Enumeration
Related Identifiers
Affected Products
Line
Park Dandan Mini-App