Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
udn News App - Sensitive Information Exposure
Vulnerability Description
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
udn News 信息泄露漏洞
Vulnerability Description
udn News是中国联合新闻(udn)公司的一个新闻应用程序。 udn News 4.20.1之前版本存在信息泄露漏洞,该漏洞源于在用户登录时将用户会话存储在logcat文件中,恶意攻击者可以检索此会话并使用它来登录软件。
CVSS Information
N/A
Vulnerability Type
N/A