PT-2024-13154 · Line · Line
Published
2024-01-24
·
Updated
2024-01-27
·
CVE-2023-43989
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Line version 13.6.1
Description
An issue in the mokumoku chohu mini-app on Line allows attackers to send crafted malicious notifications via leakage of the
channel access token. This leakage enables attackers to exploit the system, potentially affecting user security.Recommendations
For Line version 13.6.1, update to a newer version that addresses the leakage of the
channel access token to prevent malicious notifications. As a temporary workaround, consider restricting access to the mokumoku chohu mini-app until a patch is available.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Line