CVE-2023-41708

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 12, 2024

Updated: Feb 16, 2024

CWE ID 79

Summary

CVE-2023-41708 is a new vulnerability that allows attackers to manipulate references to the "app loader" functionality, potentially redirecting them to unexpected locations. This could enable unauthorized injection of malicious script code, bypassing existing safeguards. The vulnerability stems from loose controls on app references, which have now been tightened to prevent relative references. No publicly disclosed exploits exist as of yet, but it is recommended to promptly deploy the available updates and patch releases to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sghohg
https://www.cve.org/CVERecord?id=CVE-2023-41708
https://nvd.nist.gov/vuln/detail/CVE-2023-41708

Back to Vulnerability Database

CVE-2023-41708

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations