CVE-2024-6295

LOW

udn News Android APP - Info Disclosure

Title source: llm

Description

udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn.

References (2)

[Various Sources] https://www.twcert.org.tw/tw/cp-132-7894-aebd8-1.html

[Various Sources] https://www.twcert.org.tw/en/cp-139-7895-80dac-2.html

Scores

CVSS v3 3.9

EPSS 0.0009

EPSS Percentile 24.8%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-922

Status published

Products (1)

udn/udn News App earlier - 4.20.1

Published Jun 25, 2024

Tracked Since Feb 18, 2026