CVE-2024-0245

A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially leading to the exposure of sensitive information. An attacker can create a malicious app that hijacks the legitimate Inure app, intercepting and stealing sensitive information when installed on the victim's device. This issue affects all Android versions before Android 11.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/hamza417/inure/commit/a0c3e68b0542bcd7007c93618e0d50a5331de061
https://huntr.com/bounties/2108644e-9e54-4236-932d-f204fc68b607

Configurations

No configuration.

History

15 Oct 2025, 13:15

Type	Values Removed	Values Added
CWE	~~CWE-200~~	CWE-276
Summary		(es) Una configuración incorrecta en el archivo AndroidManifest.xml de hamza417/inure anterior a la compilación 97 permite el secuestro de tareas. Esta vulnerabilidad permite que aplicaciones maliciosas hereden los permisos de la aplicación vulnerable, lo que podría exponer información confidencial. Un atacante puede crear una aplicación maliciosa que secuestre la aplicación legítima Inure, interceptando y robando información confidencial al instalarse en el dispositivo de la víctima. Este problema afecta a todas las versiones de Android anteriores a Android 11.

20 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-10-15 13:15

NVD link : CVE-2024-0245

Mitre link : CVE-2024-0245

CVE.ORG link : CVE-2024-0245

JSON object : View

Products Affected

No product.

CWE

CWE-276

Incorrect Default Permissions

5.5 /10