CVE-2013-2318

The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://jvn.jp/en/jp/JVN90289505/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000047
http://movatwitter.jugem.jp/?eid=442
http://jvn.jp/en/jp/JVN90289505/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000047
http://movatwitter.jugem.jp/?eid=442

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:jig:movatwitouch::-::::android::
	cpe:2.3:a:jig:movatwitouch_paid::-::::android::

History

21 Nov 2024, 01:51

Type	Values Removed	Values Added
References	~~() http://jvn.jp/en/jp/JVN90289505/index.html -~~	() http://jvn.jp/en/jp/JVN90289505/index.html -
References	~~() http://jvndb.jvn.jp/jvndb/JVNDB-2013-000047 -~~	() http://jvndb.jvn.jp/jvndb/JVNDB-2013-000047 -
References	~~() http://movatwitter.jugem.jp/?eid=442 -~~	() http://movatwitter.jugem.jp/?eid=442 -

Information

Published : 2013-06-06 13:02

Updated : 2024-11-21 01:51

NVD link : CVE-2013-2318

Mitre link : CVE-2013-2318

CVE.ORG link : CVE-2013-2318

JSON object : View

Products Affected

jig

movatwitouch
movatwitouch_paid

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-2318", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-06-06T13:02:14.510", "references": [{"url": "http://jvn.jp/en/jp/JVN90289505/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000047", "source": "vultures@jpcert.or.jp"}, {"url": "http://movatwitter.jugem.jp/?eid=442", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvn.jp/en/jp/JVN90289505/index.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000047", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://movatwitter.jugem.jp/?eid=442", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application."}, {"lang": "es", "value": "El Content Provider en la aplicaci\u00f3n MovatwiTouch anterior 1.793 y MovatwiTouch Paid anterior a 1.793 para Android, no restringe adecuadamente el acceso a la informaci\u00f3n de autorizaci\u00f3n, lo que permite a atacantes secuestrar cuentas de Twitter a trav\u00e9s de una aplicaci\u00f3n manipulada."}], "lastModified": "2024-11-21T01:51:27.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jig:movatwitouch:*:-:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "FCDE8DCB-9254-4656-A686-DE8161B594D7", "versionEndIncluding": "1.792"}, {"criteria": "cpe:2.3:a:jig:movatwitouch_paid:*:-:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "0DB65F4E-8793-4067-88FE-8B7FEE9DE7F4", "versionEndIncluding": "1.792"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}