CVE-2014-0806

Sleipnir Mobile < 2.12.1 - Unauthenticated Exposure of Sensitive Location Information via Geolocation API

Title source: llm
STIX 2.1

Description

The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls.

References (2)

Core 2
Core References
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN81637882/index.html
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000007

Scores

EPSS 0.0107
EPSS Percentile 60.7%

Details

CWE
CWE-200
Status published
Products (23)
fenrir-inc/sleipnir_mobile 1.0.0 alpha (6 CPE variants)
fenrir-inc/sleipnir_mobile 1.1.0 (2 CPE variants)
fenrir-inc/sleipnir_mobile 1.2.0 (2 CPE variants)
fenrir-inc/sleipnir_mobile 1.3.0 (2 CPE variants)
fenrir-inc/sleipnir_mobile 1.4.0 (2 CPE variants)
fenrir-inc/sleipnir_mobile 1.5.0 (2 CPE variants)
fenrir-inc/sleipnir_mobile 1.5.1 (2 CPE variants)
fenrir-inc/sleipnir_mobile 1.6.0 (2 CPE variants)
fenrir-inc/sleipnir_mobile 1.7.0 (2 CPE variants)
fenrir-inc/sleipnir_mobile 1.7.1 (2 CPE variants)
... and 13 more
Published Jan 22, 2014
Tracked Since Feb 18, 2026