Search criteria
7 vulnerabilities by hamza417
CVE-2024-0245 (GCVE-0-2024-0245)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:10 – Updated: 2025-10-15 12:49
VLAI?
Summary
A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially leading to the exposure of sensitive information. An attacker can create a malicious app that hijacks the legitimate Inure app, intercepting and stealing sensitive information when installed on the victim's device. This issue affects all Android versions before Android 11.
Severity ?
5.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hamza417 | hamza417/inure |
Affected:
unspecified , < build97
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0245",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:49:10.273985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:23:39.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hamza417/inure",
"vendor": "hamza417",
"versions": [
{
"lessThan": "build97",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially leading to the exposure of sensitive information. An attacker can create a malicious app that hijacks the legitimate Inure app, intercepting and stealing sensitive information when installed on the victim\u0027s device. This issue affects all Android versions before Android 11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:49:22.092Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/2108644e-9e54-4236-932d-f204fc68b607"
},
{
"url": "https://github.com/hamza417/inure/commit/a0c3e68b0542bcd7007c93618e0d50a5331de061"
}
],
"source": {
"advisory": "2108644e-9e54-4236-932d-f204fc68b607",
"discovery": "EXTERNAL"
},
"title": "Task Hijacking in hamza417/inure"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-0245",
"datePublished": "2025-03-20T10:10:16.698Z",
"dateReserved": "2024-01-05T04:05:09.731Z",
"dateUpdated": "2025-10-15T12:49:22.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5862 (GCVE-0-2023-5862)
Vulnerability from cvelistv5 – Published: 2023-10-31 00:00 – Updated: 2024-09-05 17:54
VLAI?
Summary
Missing Authorization in GitHub repository hamza417/inure prior to Build95.
Severity ?
5.1 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hamza417 | hamza417/inure |
Affected:
unspecified , < Build95
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/0e517db6-d8ba-4cb9-9339-7991dda52e6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hamza417/inure/commit/52b8c0bae36f129a5be05e377d7391afc3629df6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5862",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T17:53:30.720082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T17:54:32.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hamza417/inure",
"vendor": "hamza417",
"versions": [
{
"lessThan": "Build95",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository hamza417/inure prior to Build95."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T00:00:18.766Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.com/bounties/0e517db6-d8ba-4cb9-9339-7991dda52e6d"
},
{
"url": "https://github.com/hamza417/inure/commit/52b8c0bae36f129a5be05e377d7391afc3629df6"
}
],
"source": {
"advisory": "0e517db6-d8ba-4cb9-9339-7991dda52e6d",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in hamza417/inure"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5862",
"datePublished": "2023-10-31T00:00:18.766Z",
"dateReserved": "2023-10-31T00:00:06.449Z",
"dateUpdated": "2024-09-05T17:54:32.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5321 (GCVE-0-2023-5321)
Vulnerability from cvelistv5 – Published: 2023-09-30 13:43 – Updated: 2024-09-23 15:59
VLAI?
Summary
Missing Authorization in GitHub repository hamza417/inure prior to build94.
Severity ?
5.1 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hamza417 | hamza417/inure |
Affected:
unspecified , < build94
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5321",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T15:58:24.704049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T15:59:12.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hamza417/inure",
"vendor": "hamza417",
"versions": [
{
"lessThan": "build94",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository hamza417/inure prior to build94."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-30T13:43:14.012Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a"
},
{
"url": "https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b"
}
],
"source": {
"advisory": "b1becc68-e738-458f-bd99-06ee77580d3a",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in hamza417/inure"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5321",
"datePublished": "2023-09-30T13:43:14.012Z",
"dateReserved": "2023-09-30T13:43:01.219Z",
"dateUpdated": "2024-09-23T15:59:12.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4877 (GCVE-0-2023-4877)
Vulnerability from cvelistv5 – Published: 2023-09-10 00:00 – Updated: 2024-09-26 15:12
VLAI?
Summary
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.
Severity ?
5.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hamza417 | hamza417/inure |
Affected:
unspecified , < build92
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/168e9299-f8ff-40d6-9def-d097b38bad84"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hamza417/inure/commit/09762e8c059be5983ca55e6424b2b5992fa740e7"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*"
],
"defaultStatus": "unknown",
"product": "inure",
"vendor": "hamza417",
"versions": [
{
"lessThan": "build92",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T15:11:46.715441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:12:44.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hamza417/inure",
"vendor": "hamza417",
"versions": [
{
"lessThan": "build92",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-10T00:00:42.399Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/168e9299-f8ff-40d6-9def-d097b38bad84"
},
{
"url": "https://github.com/hamza417/inure/commit/09762e8c059be5983ca55e6424b2b5992fa740e7"
}
],
"source": {
"advisory": "168e9299-f8ff-40d6-9def-d097b38bad84",
"discovery": "EXTERNAL"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4877",
"datePublished": "2023-09-10T00:00:42.399Z",
"dateReserved": "2023-09-10T00:00:37.847Z",
"dateUpdated": "2024-09-26T15:12:44.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4876 (GCVE-0-2023-4876)
Vulnerability from cvelistv5 – Published: 2023-09-10 00:00 – Updated: 2024-09-26 16:00
VLAI?
Summary
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.
Severity ?
7.9 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hamza417 | hamza417/inure |
Affected:
unspecified , < build92
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f729d2c8-a62e-4f30-ac24-e187b0a7892a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hamza417/inure/commit/7db5511753089c3cf477475f1f3b62a6e6ede4a8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T15:59:41.491771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T16:00:35.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hamza417/inure",
"vendor": "hamza417",
"versions": [
{
"lessThan": "build92",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-10T00:00:19.240Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f729d2c8-a62e-4f30-ac24-e187b0a7892a"
},
{
"url": "https://github.com/hamza417/inure/commit/7db5511753089c3cf477475f1f3b62a6e6ede4a8"
}
],
"source": {
"advisory": "f729d2c8-a62e-4f30-ac24-e187b0a7892a",
"discovery": "EXTERNAL"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4876",
"datePublished": "2023-09-10T00:00:19.240Z",
"dateReserved": "2023-09-10T00:00:06.660Z",
"dateUpdated": "2024-09-26T16:00:35.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4435 (GCVE-0-2023-4435)
Vulnerability from cvelistv5 – Published: 2023-08-20 00:00 – Updated: 2024-10-03 14:11
VLAI?
Summary
Improper Input Validation in GitHub repository hamza417/inure prior to build88.
Severity ?
7.7 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hamza417 | hamza417/inure |
Affected:
unspecified , < build88
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1875ee85-4b92-4aa4-861e-094137a29276"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hamza417/inure/commit/e74062e439f860fd144da4bfc3f35e96c19c3abd"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*"
],
"defaultStatus": "unknown",
"product": "inure",
"vendor": "hamza417",
"versions": [
{
"lessThan": "build88",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4435",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T14:09:18.952502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:11:11.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hamza417/inure",
"vendor": "hamza417",
"versions": [
{
"lessThan": "build88",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in GitHub repository hamza417/inure prior to build88."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-20T00:00:19.448Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1875ee85-4b92-4aa4-861e-094137a29276"
},
{
"url": "https://github.com/hamza417/inure/commit/e74062e439f860fd144da4bfc3f35e96c19c3abd"
}
],
"source": {
"advisory": "1875ee85-4b92-4aa4-861e-094137a29276",
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in hamza417/inure"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4435",
"datePublished": "2023-08-20T00:00:19.448Z",
"dateReserved": "2023-08-20T00:00:06.825Z",
"dateUpdated": "2024-10-03T14:11:11.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4434 (GCVE-0-2023-4434)
Vulnerability from cvelistv5 – Published: 2023-08-20 00:00 – Updated: 2024-10-03 14:13
VLAI?
Summary
Missing Authorization in GitHub repository hamza417/inure prior to build88.
Severity ?
5.1 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hamza417 | hamza417/inure |
Affected:
unspecified , < build88
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/19e68377-e071-4a8e-aa4c-cd84a426602e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hamza417/inure/commit/2176af74ca3a81fd001e6cc8eea5a8306f484fbb"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*"
],
"defaultStatus": "unknown",
"product": "inure",
"vendor": "hamza417",
"versions": [
{
"lessThan": "build88",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4434",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T14:11:43.210576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:13:24.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hamza417/inure",
"vendor": "hamza417",
"versions": [
{
"lessThan": "build88",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository hamza417/inure prior to build88."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-20T00:00:18.940Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/19e68377-e071-4a8e-aa4c-cd84a426602e"
},
{
"url": "https://github.com/hamza417/inure/commit/2176af74ca3a81fd001e6cc8eea5a8306f484fbb"
}
],
"source": {
"advisory": "19e68377-e071-4a8e-aa4c-cd84a426602e",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in hamza417/inure"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4434",
"datePublished": "2023-08-20T00:00:18.940Z",
"dateReserved": "2023-08-20T00:00:06.039Z",
"dateUpdated": "2024-10-03T14:13:24.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}