CVE-2023-43302

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Dec 7, 2023

Updated: Dec 13, 2023

Summary

CVE-2023-43302 is a vulnerability affecting the sanTas mini-app on Line v13.6.1. This issue enables attackers to send malicious notifications by exploiting the leakage of the channel access token. Attackers can potentially manipulate the content of notifications, posing a risk to users' privacy and security. The vulnerability could be used to distribute phishing or malware links, leading to unintended consequences. Users are advised to update their Line app to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linecorp

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/suM4wO
https://www.cve.org/CVERecord?id=CVE-2023-43302
https://nvd.nist.gov/vuln/detail/CVE-2023-43302

Back to Vulnerability Database

CVE-2023-43302

CVSS 3.1 Score 8.2 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations