CVE-2022-41797
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ByteDance K.K. | Lemon8 App for Android and Lemon8 App for iOS | Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 | affected |
Weaknesses
- Improper Authorization in Handler for Custom URL Scheme
ADP Enrichment
CVE Program Container
Additional References
- https://play.google.com/store/apps/details?id=com.bd.nproject&hl=ja&gl=US
- https://apps.apple.com/jp/app/lemon8/id1498607143
- https://jvn.jp/en/jp/JVN10921428/index.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://play.google.com/store/apps/details?id=com.bd.nproject&hl=ja&gl=US
- https://apps.apple.com/jp/app/lemon8/id1498607143
- https://jvn.jp/en/jp/JVN10921428/index.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.