Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to Mercari, Inc. - "Mercari" App for Android

cve-2024-23388

Vulnerability from cvelistv5

Published

2024-01-26 07:07

Modified

2024-08-01 23:06

Severity ?

Summary

Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.

References

▼	URL	Tags
	https://jvn.jp/en/jp/JVN70818619/

Impacted products

Vendor

Product

Version

▼

Mercari, Inc.

"Mercari" App for Android

Version: prior to version 5.78.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:24.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN70818619/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\"Mercari\" App for Android",
          "vendor": "Mercari, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 5.78.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper authorization in handler for custom URL scheme issue in \"Mercari\" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper authorization in handler for custom URL scheme",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-26T07:07:23.529Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://jvn.jp/en/jp/JVN70818619/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-23388",
    "datePublished": "2024-01-26T07:07:23.529Z",
    "dateReserved": "2024-01-16T05:50:38.250Z",
    "dateUpdated": "2024-08-01T23:06:24.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}