CVE-2023-28387

Published: Jun 30, 2023

Modified: Dec 4, 2024

PUBLISHED

Description

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service.

Vendor	Product	Versions
NewsPicks, Inc.	"NewsPicks" App for Android	affected `versions 10.4.5 and earlier`
NewsPicks, Inc.	"NewsPicks" App for iOS	affected `versions 10.4.2 and earlier`

References

https://play.google.com/store/apps/details?id=com.newspicks

https://apps.apple.com/us/app/%E3%83%8B%E3%83%A5%E3%83%BC%E3%82%BA%E3%83%94%E3%83%83%E3%82%AF%E3%82%B9-%E3%83%93%E3%82%B8%E3%83%8D%E3%82%B9%E3%81%AB%E5%BD%B9%E7%AB%8B%E3%81%A4%E7%B5%8C%E6%B8%88%E3%83%8B%E3%83%A5%E3%83%BC%E3%82%B9%E3%82%A2%E3%83%97%E3%83%AA/id640956497

https://jvn.jp/en/jp/JVN32739265/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-28387

Description

Affected Products

References