CVE-2022-41797
MEDIUMLemon8 < 3.3.5 - Missing Authorization in Custom URL Scheme Handler
Title source: llmDescription
Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
References (3)
Core 3
Core References
Product, Third Party Advisory
https://apps.apple.com/jp/app/lemon8/id1498607143
Third Party Advisory
https://jvn.jp/en/jp/JVN10921428/index.html
Product, Third Party Advisory
https://play.google.com/store/apps/details?id=com.bd.nproject&hl=ja&gl=US
Scores
CVSS v3
6.5
EPSS
0.0086
EPSS Percentile
54.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (1)
lemon8_project/lemon8
< 3.3.5 (2 CPE variants)
Published
Oct 24, 2022
Tracked Since
Feb 18, 2026