All the vulnerabilities related to LINE Corporation - LINE Client for iOS
cve-2024-1735
Vulnerability from cvelistv5
Published
2024-02-26 07:25
Modified
2024-08-26 16:32
Summary
A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.
References
Impacted products
| Vendor | Product |
|---|---|
| LINE Corporation | Armeria |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:48:21.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "armeria", "vendor": "linecorp", "versions": [ { "lessThan": "1.27.2", "status": "affected", "version": "0.69.0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-1735", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-04T21:31:51.106962Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-26T16:32:08.333Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Armeria", "vendor": "LINE Corporation", "versions": [ { "lessThan": "1.27.2", "status": "affected", "version": "0.69.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "na", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-12T07:57:43.872Z", "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "shortName": "LY-Corporation" }, "references": [ { "url": "https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54" } ] } }, "cveMetadata": { "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "assignerShortName": "LY-Corporation", "cveId": "CVE-2024-1735", "datePublished": "2024-02-26T07:25:42.406Z", "dateReserved": "2024-02-22T05:17:44.461Z", "dateUpdated": "2024-08-26T16:32:08.333Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5554
Vulnerability from cvelistv5
Published
2023-10-12 09:34
Modified
2024-09-18 17:50
Summary
Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0.
References
Impacted products
| Vendor | Product |
|---|---|
| LINE Corporation | LINE Client for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:59:44.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/2106827" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5554", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-18T17:49:17.224369Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-18T17:50:42.920Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "LINE Client for iOS", "vendor": "LINE Corporation", "versions": [ { "lessThan": "13.16.0", "status": "affected", "version": "13.12.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "na", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-13T05:40:43.366Z", "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "shortName": "LINE" }, "references": [ { "url": "https://hackerone.com/reports/2106827" } ] } }, "cveMetadata": { "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "assignerShortName": "LINE", "cveId": "CVE-2023-5554", "datePublished": "2023-10-12T09:34:01.586Z", "dateReserved": "2023-10-12T09:17:12.045Z", "dateUpdated": "2024-09-18T17:50:42.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41568
Vulnerability from cvelistv5
Published
2022-11-29 00:00
Modified
2024-08-03 12:49
Summary
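LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat. [Note: the structured `versions` entry in the record below holds only the operator `<` with no version number, so the affected range (before 12.17.0) has to be taken from this description when matching installed versions.]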
References
Impacted products
| Vendor | Product |
|---|---|
| LINE Corporation | LINE client for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:41.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1701642" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "LINE client for iOS", "vendor": "LINE Corporation", "versions": [ { "status": "affected", "version": "\u003c" } ] } ], "descriptions": [ { "lang": "en", "value": "LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat." } ], "problemTypes": [ { "descriptions": [ { "description": "na", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-29T00:00:00", "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "shortName": "LINE" }, "references": [ { "url": "https://hackerone.com/reports/1701642" } ] } }, "cveMetadata": { "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "assignerShortName": "LINE", "cveId": "CVE-2022-41568", "datePublished": "2022-11-29T00:00:00", "dateReserved": "2022-09-26T00:00:00", "dateUpdated": "2024-08-03T12:49:41.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-36215
Vulnerability from cvelistv5
Published
2021-09-08 17:50
Modified
2024-08-04 00:54
Summary
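LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling. [Note: in the record below, the CNA `versions` entry holds only the operator `<=`, and the legacy v4 record carries the number and operator in swapped fields (`version_affected` is `10.21.3`, `version_value` is `<=`); take the affected range from this description rather than from the structured fields.]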
References
| URL | Tags |
|---|---|
| https://hackerone.com/reports/1082991 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| LINE Corporation | LINE client for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:54:50.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/1082991" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "LINE client for iOS", "vendor": "LINE Corporation", "versions": [ { "status": "affected", "version": "\u003c=" } ] } ], "descriptions": [ { "lang": "en", "value": "LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-08T17:50:43", "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "shortName": "LINE" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/1082991" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "dl_cve@linecorp.com", "ID": "CVE-2021-36215", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "LINE client for iOS", "version": { "version_data": [ { "version_affected": "10.21.3", "version_value": "\u003c=" } ] } } ] }, "vendor_name": "LINE Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/1082991", "refsource": "MISC", "url": "https://hackerone.com/reports/1082991" } ] } } } }, "cveMetadata": { "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "assignerShortName": "LINE", "cveId": "CVE-2021-36215", "datePublished": "2021-09-08T17:50:43", "dateReserved": "2021-07-07T00:00:00", "dateUpdated": "2024-08-04T00:54:50.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-41011
Vulnerability from cvelistv5
Published
2021-09-22 15:07
Modified
2024-08-04 02:59
Summary
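LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information. [Note: in the record below, the CNA `versions` entry holds only the operator `<`, and the legacy v4 record carries the number and operator in swapped fields (`version_affected` is `11.15.0`, `version_value` is `<`); take the affected range from this description rather than from the structured fields.]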
References
| URL | Tags |
|---|---|
| https://hackerone.com/reports/1279524 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| LINE Corporation | LINE client for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:59:31.388Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/1279524" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "LINE client for iOS", "vendor": "LINE Corporation", "versions": [ { "status": "affected", "version": "\u003c" } ] } ], "descriptions": [ { "lang": "en", "value": "LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-22T15:07:41", "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "shortName": "LINE" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/1279524" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "dl_cve@linecorp.com", "ID": "CVE-2021-41011", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "LINE client for iOS", "version": { "version_data": [ { "version_affected": "11.15.0", "version_value": "\u003c" } ] } } ] }, "vendor_name": "LINE Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/1279524", "refsource": "MISC", "url": "https://hackerone.com/reports/1279524" } ] } } } }, "cveMetadata": { "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "assignerShortName": "LINE", "cveId": "CVE-2021-41011", "datePublished": "2021-09-22T15:07:42", "dateReserved": "2021-09-13T00:00:00", "dateUpdated": "2024-08-04T02:59:31.388Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5739
Vulnerability from cvelistv5
Published
2024-06-12 07:00
Modified
2024-08-01 21:18
Summary
The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher.
References
Impacted products
| Vendor | Product |
|---|---|
| LINE Corporation | LINE client for iOS |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-5739", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T19:19:41.096728Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-12T19:22:21.831Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:18:07.121Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/2284129" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "LINE client for iOS", "vendor": "LINE Corporation", "versions": [ { "lessThan": "14.9.0", "status": "affected", "version": "14.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.4, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "na", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-12T08:24:16.591Z", "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "shortName": "LY-Corporation" }, "references": [ { "url": "https://hackerone.com/reports/2284129" } ] } }, "cveMetadata": { "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "assignerShortName": "LY-Corporation", "cveId": "CVE-2024-5739", "datePublished": "2024-06-12T07:00:35.232Z", "dateReserved": "2024-06-07T07:08:09.783Z", "dateUpdated": "2024-08-01T21:18:07.121Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-36214
Vulnerability from cvelistv5
Published
2021-07-13 17:47
Modified
2024-08-04 00:54
Summary
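LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView. [Note: in the record below, the CNA `versions` entry holds only the operator `<`, and the legacy v4 record carries the number and operator in swapped fields (`version_affected` is `10.16.3`, `version_value` is `<`); take the affected range from this description rather than from the structured fields.]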
References
| URL | Tags |
|---|---|
| https://hackerone.com/reports/988332 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| LINE Corporation | LINE client for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:54:50.746Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/988332" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "LINE client for iOS", "vendor": "LINE Corporation", "versions": [ { "status": "affected", "version": "\u003c" } ] } ], "descriptions": [ { "lang": "en", "value": "LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-13T17:47:37", "orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "shortName": "LINE" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/988332" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "dl_cve@linecorp.com", "ID": "CVE-2021-36214", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "LINE client for iOS", "version": { "version_data": [ { "version_affected": "10.16.3", "version_value": "\u003c" } ] } } ] }, "vendor_name": "LINE Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Neutralization of Input During Web Page Generation (CWE-79)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/988332", "refsource": "MISC", "url": "https://hackerone.com/reports/988332" } ] } } } }, "cveMetadata": { "assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb", "assignerShortName": "LINE", "cveId": "CVE-2021-36214", "datePublished": "2021-07-13T17:47:37", "dateReserved": "2021-07-07T00:00:00", "dateUpdated": "2024-08-04T00:54:50.746Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }