A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to take over another user's account and read her/his chat messages.
Metrics
Affected Vendors & Products
References
History
Tue, 12 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-444 | |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-06-03T00:00:00
Updated: 2024-11-12T19:24:45.004Z
Reserved: 2023-12-18T00:00:00
Link: CVE-2023-51219
Vulnrichment
Updated: 2024-08-02T22:32:09.181Z
NVD
Status : Awaiting Analysis
Published: 2024-06-03T20:15:08.810
Modified: 2024-11-21T08:37:55.073
Link: CVE-2023-51219
Redhat
No data.