PT-2024-13543 · Line · Line
Published
2024-01-26
·
Updated
2024-08-27
·
CVE-2023-48127
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Line version 13.6.1
Description
An issue in the myGAKUYA mini-app allows attackers to send crafted malicious notifications via leakage of the
channel access token. This leakage enables attackers to exploit the system.Recommendations
For version 13.6.1, consider restricting access to the myGAKUYA mini-app until a patch is available to prevent the leakage of the
channel access token. As a temporary workaround, avoid using the myGAKUYA mini-app to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Line