The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-05-03T13:01:33

Updated: 2024-08-04T12:04:22.161Z

Reserved: 2020-05-03T00:00:00

Link: CVE-2020-12624

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-05-03T13:15:11.310

Modified: 2024-11-21T04:59:56.397

Link: CVE-2020-12624

cve-icon Redhat

No data.