CVE-2023-28387
N/A
N/A
Summary
"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NewsPicks, Inc. | “NewsPicks” App for Android | versions 10.4.5 and earlier | affected |
| NewsPicks, Inc. | “NewsPicks” App for iOS | versions 10.4.2 and earlier | affected |
Weaknesses
- Use of Hard-coded Credentials
ADP Enrichment
CVE Program Container
Additional References
- https://play.google.com/store/apps/details?id=com.newspicks
- https://apps.apple.com/us/app/%E3%83%8B%E3%83%A5%E3%83%BC%E3%82%BA%E3%83%94%E3%83%83%E3%82%AF%E3%82%B9-%E3%83%93%E3%82%B8%E3%83%8D%E3%82%B9%E3%81%AB%E5%BD%B9%E7%AB%8B%E3%81%A4%E7%B5%8C%E6%B8%88%E3%83%8B%E3%83%A5%E3%83%BC%E3%82%B9%E3%82%A2%E3%83%97%E3%83%AA/id640956497
- https://jvn.jp/en/jp/JVN32739265/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://play.google.com/store/apps/details?id=com.newspicks
- https://apps.apple.com/us/app/%E3%83%8B%E3%83%A5%E3%83%BC%E3%82%BA%E3%83%94%E3%83%83%E3%82%AF%E3%82%B9-%E3%83%93%E3%82%B8%E3%83%8D%E3%82%B9%E3%81%AB%E5%BD%B9%E7%AB%8B%E3%81%A4%E7%B5%8C%E6%B8%88%E3%83%8B%E3%83%A5%E3%83%BC%E3%82%B9%E3%82%A2%E3%83%97%E3%83%AA/id640956497
- https://jvn.jp/en/jp/JVN32739265/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.