CVE-2024-6295

EUVD-2024-47413
udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.9 LOW
PHYSICAL
LOW
HIGH
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
udnudn_news_app
𝑥
< 4.20.1
ADP
Common Weakness Enumeration
References
https://www.twcert.org.tw/en/cp-139-7895-80dac-2.html
https://www.twcert.org.tw/tw/cp-132-7894-aebd8-1.html
https://www.twcert.org.tw/en/cp-139-7895-80dac-2.html
https://www.twcert.org.tw/tw/cp-132-7894-aebd8-1.html