CVE-2023-28387

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jun 30, 2023

Updated: Jul 7, 2023

CWE ID 798

Summary

CVE-2023-28387 is a vulnerability affecting the "NewsPicks" App on Android versions 10.4.5 and earlier, as well as iOS versions 10.4.2 and earlier. The issue stems from the use of hard-coded credentials within the app. This weakness exposes local attackers to the ability to access and analyze sensitive data within the app. Moreover, they can obtain an API key for an external service, potentially granting them further unauthorized access. This vulnerability poses a significant risk, emphasizing the importance of implementing secure coding practices and promptly applying software updates.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Vendors

Uzabase Inc.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database