CVE-2020-7744

{"id": "CVE-2020-7744", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "report@snyk.io", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2020-10-15T13:15:12.993", "references": [{"url": "https://snyk.io/blog/remote-code-execution-rce-sourmint/", "tags": ["Technical Description", "Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://snyk.io/research/sour-mint-malicious-sdk/", "tags": ["Technical Description", "Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://snyk.io/vuln/SNYK-JAVA-COMMINTEGRALMSDK-1018714", "tags": ["Third Party Advisory"], "source": "report@snyk.io"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android's download manager and detects if the downloaded file's url contains: a. google.com or comes from a Google app (the com.android.vending package) b. Ends with .apk for apk downloads In both cases, the module sends the captured data back to Mintegral's servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background)."}, {"lang": "es", "value": "Esto afecta a todas las versiones del paquete com.mintegral.msdk:alphab. El SDK de Android distribuido por la empresa contiene una funcionalidad maliciosa en este m\u00f3dulo que rastrea: 1. Descargas desde las URL de Google ya sea dentro de las aplicaciones de Google o por medio del navegador, incluyendo las descargas de archivos, los archivos adjuntos de correo electr\u00f3nico y los enlaces de Google Docs. 2. Todas las descargas de apk, ya sean org\u00e1nicas o no. Mintegral escucha los eventos de descarga en el administrador de descargas de Android y detecta si la URL del archivo descargado contiene: a. google.com o proviene de una aplicaci\u00f3n de Google (el paquete com.android.vending) b. Termina con .apk para descargas de apk. En ambos casos, el m\u00f3dulo env\u00eda los datos capturados hacia los servidores de Mintegral. Tome en cuenta que la funcionalidad maliciosa sigue ejecut\u00e1ndose incluso si la aplicaci\u00f3n no est\u00e1 actualmente enfocada (ejecut\u00e1ndose en segundo plano)"}], "lastModified": "2020-10-29T19:51:52.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mintegral:mintegraladsdk:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA48ECCB-BEC3-452C-80EF-61C9C3A6DB22"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "report@snyk.io"}