Improper Authorization in Lemon8 App for Android and iOS
CVE-2022-41797

6.5MEDIUM

Key Information:

Vendor: Bytedance K.k.
Status: Lemon8 App For Android And Lemon8 App For iOS
Vendor: CVE Published:; 24 October 2022

🔔 Create Bytedance K.k. Vulnerability Alert

What is CVE-2022-41797?

The Lemon8 App for both Android and iOS prior to version 3.3.5 has a vulnerability that arises from improper authorization in its handler for custom URL schemes. This security flaw could enable remote attackers to trick users into accessing arbitrary websites through the app, significantly increasing the risk of phishing attacks. Users are urged to update to the latest version to mitigate potential risks.

Affected Version(s)

Lemon8 App for Android and Lemon8 App for iOS Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5

References

https://play.google.com/store/apps/details?id=com.bd.npro...

https://apps.apple.com/jp/app/lemon8/id1498607143

https://jvn.jp/en/jp/JVN10921428/index.html

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 24, 2022
Vulnerability Reserved
Oct 11, 2022

CVE-2022-41797 Data

JSON