Main Vulnerability Database SB2023082519

SB2023082519 - Improper Authorization in Handler for Custom URL Scheme in Skylark App

Published: August 25, 2023

Security Bulletin ID SB2023082519

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authorization in Handler for Custom URL Scheme (CVE-ID: CVE-2023-40530)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected application does not restrict access to the function properly. A remote attacker can trick a victim to access an arbitrary website.

Remediation

Install update from vendor's website.

References

https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto
https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%81%8F%E3%82%A2%E3%83%97%E3%83%AA/id906930478
https://jvn.jp/en/jp/JVN03447226/