Key vulnerability information

1. Vulnerability name: Exposure of secret in coffee-jumbo

2. Vulnerability description: The mini-app 'coffee-jumbo' on Line exposes a critical credential, the 'client secret', to the client side. Remote attackers can obtain this secret and use it to acquire the channel access token, leading to potential risks such as the broadcasting of malicious messages.

3. Affected version: Line 13.6.1

4. Attack vector: The client only needs to have Line installed and to open the mini-app 'coffee-jumbo' on Line. The response to the request contains the critical credential, the client secret. The exploit can be verified with the tool supplied by Line.

5. Impact: Any user of the mini-app 'coffee-jumbo' is at risk of receiving malicious broadcast messages because of this vulnerability. Potential damage includes receiving website links, fraudulent information, and more.

6. Additional notes: Developers should ensure that channel access tokens are secured to prevent unauthorized access and potential misuse. Users should revoke channel access tokens suspected of being leaked to secure their accounts.
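
The flaw described above is a server response that carries the client secret to the client. The following added example (not code from coffee-jumbo or Line) shows that weak response pattern beside an allowlisted one, plus an egress guard a backend can run before sending. The field names, the sample configuration and all helper functions are assumptions constructed for illustration.

```javascript
// Constructed server-side channel configuration (all values are placeholders).
const channelConfig = {
  channelId: '1234567890',
  liffId: '1234567890-AbCdEfGh',
  clientSecret: '0123456789abcdef0123456789abcdef', // must never leave the server
};

// Weak pattern: the whole configuration object is serialized to the client.
function buildResponseWeak(config) {
  return JSON.stringify({ status: 'ok', config });
}

// Corrected pattern: only allowlisted, non-secret fields are copied out.
const PUBLIC_FIELDS = ['channelId', 'liffId'];
function buildResponseSafe(config) {
  const publicConfig = {};
  for (const key of PUBLIC_FIELDS) {
    if (key in config) publicConfig[key] = config[key];
  }
  return JSON.stringify({ status: 'ok', config: publicConfig });
}

// Egress guard: walk a parsed response body and report every path whose key
// looks like a secret or whose value equals a known server-side secret.
const SECRET_KEY_RE = /secret|private[_-]?key|access[_-]?token/i;
function findSecretLeaks(body, knownSecrets, path = '$') {
  const leaks = [];
  if (typeof body === 'string') {
    if (knownSecrets.includes(body)) leaks.push(path);
  } else if (body !== null && typeof body === 'object') {
    for (const [key, value] of Object.entries(body)) {
      const child = `${path}.${key}`;
      if (SECRET_KEY_RE.test(key)) leaks.push(child);
      else leaks.push(...findSecretLeaks(value, knownSecrets, child));
    }
  }
  return leaks;
}

// Refuse to send a response that fails the guard.
function sendChecked(json, knownSecrets) {
  const leaks = findSecretLeaks(JSON.parse(json), knownSecrets);
  if (leaks.length > 0) throw new Error(`secret in response at ${leaks.join(', ')}`);
  return json;
}
```

The guard matches both on key names and on exact secret values, so a secret copied into an innocuously named field is still caught.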