PT-2024-13542 · Line · Luxe Beauty Clinic Mini-App

Published: 2024-01-26 · Updated: 2024-01-29 · CVE-2023-48126

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Luxe Beauty Clinic mini-app on Line version 13.6.1

Description

Leakage of the channel access token allows attackers to send crafted malicious notifications.

Recommendations

For version 13.6.1, consider restricting access to the channel access token to minimize the risk of exploitation. As a temporary workaround, avoid using the channel access token in the affected mini-app until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Related Identifiers

CVE-2023-48126

Affected Products

Luxe Beauty Clinic Mini-App