Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Planet Fitness Workouts mobile apps do not properly validate TLS certificates
Vulnerability Description
The Planet Fitness Workouts iOS and Android mobile apps fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. Planet Fitness first addressed this vulnerability in version 9.8.12 (released on 2024-07-25) and more recently in version 9.9.13 (released on 2025-02-11).
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
证书验证不恰当
Vulnerability Title
Planet Fitness Workouts 安全漏洞
Vulnerability Description
Planet Fitness Workouts是Planet Fitness公司的一个健身相关的应用程序。 Planet Fitness Workouts 9.8.12之前版本存在安全漏洞,该漏洞源于未能正确验证 TLS 证书。攻击者利用该漏洞可以获取会话令牌和敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A