CVE-2023-28387

Summary

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service.

Affected Software

VendorProductVersion RangeStatus
NewsPicks, Inc.“NewsPicks” App for Androidversions 10.4.5 and earlieraffected
NewsPicks, Inc.“NewsPicks” App for iOSversions 10.4.2 and earlieraffected

Weaknesses

  • Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References