CVE-2022-42979

HIGH

RYDE 5.8.43 - Account Takeover via Deep Link Hostname Validation Bypass

Title source: llm

Description

Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link.

References (1)

Core 1

Core References

Various Sources

https://medium.com/%40jalee0606/how-i-found-my-first-one-click-account-takeover-via-deeplink-in-ryde-5406010c36d8

Scores

CVSS v3 8.8

EPSS 0.2433

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-295 CWE-200

Status published

Products (1)

rydesharing/ryde 5.8.43 (2 CPE variants)

Published Jan 06, 2023

Tracked Since Feb 18, 2026