Vulnerability Details : CVE-2022-41797
Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
Products affected by CVE-2022-41797
- cpe:2.3:a:lemon8_project:lemon8:*:*:*:*:*:iphone_os:*:*
- cpe:2.3:a:lemon8_project:lemon8:*:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-41797
- 0.18%: Probability of exploitation activity in the next 30 days
- ~55%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-41797
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2022-41797
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-41797
- https://apps.apple.com/jp/app/lemon8/id1498607143
  "Lemon8 (レモンエイト)" on the App Store [Product; Third Party Advisory]
- https://jvn.jp/en/jp/JVN10921428/index.html
  JVN#10921428: Lemon8 App fails to restrict access permissions [Third Party Advisory]
- https://play.google.com/store/apps/details?id=com.bd.nproject&hl=ja&gl=US
  Lemon8 (レモンエイト) - Apps on Google Play [Product; Third Party Advisory]