CVE-2023-40530

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%81%8F%E3%82%A2%E3%83%97%E3%83%AA/id906930478	Product
https://jvn.jp/en/jp/JVN03447226/	Third Party Advisory
https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto	Product
https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%81%8F%E3%82%A2%E3%83%97%E3%83%AA/id906930478	Product
https://jvn.jp/en/jp/JVN03447226/	Third Party Advisory
https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:skylark:skylark::::::android::*
	cpe:2.3:a:skylark:skylark::::::iphone_os::*

History

21 Nov 2024, 08:19

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-25 04:15

Updated : 2024-11-21 08:19

NVD link : CVE-2023-40530

Mitre link : CVE-2023-40530

CVE.ORG link : CVE-2023-40530

JSON object : View

Products Affected

skylark

skylark

CWE

CWE-862

Missing Authorization

{"id": "CVE-2023-40530", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-08-25T04:15:10.487", "references": [{"url": "https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%81%8F%E3%82%A2%E3%83%97%E3%83%AA/id906930478", "tags": ["Product"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN03447226/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto", "tags": ["Product"], "source": "vultures@jpcert.or.jp"}, {"url": "https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%81%8F%E3%82%A2%E3%83%97%E3%83%AA/id906930478", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jvn.jp/en/jp/JVN03447226/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device."}], "lastModified": "2024-11-21T08:19:39.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:skylark:skylark:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "65D64431-C69E-4E42-B08C-BB42C8390EE8", "versionEndIncluding": "6.2.13"}, {"criteria": "cpe:2.3:a:skylark:skylark:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "647ECF75-22BB-47AC-9428-12E2035BC448", "versionEndIncluding": "6.2.13"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}