CVE-2018-19111
MEDIUMGoogle Cardboard 1.8 for Android and 1.2 for iOS - Cleartext Transmission of Sensitive Information
Title source: llmDescription
The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.info-sec.ca/advisories/Google-Cardboard.html
Scores
CVSS v3
5.3
EPSS
0.0022
EPSS Percentile
12.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (2)
google/cardboard
1.2
google/cardboard
1.8
Published
Nov 08, 2018
Tracked Since
Feb 18, 2026