The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://jvn.jp/en/jp/JVN81637882/index.html - | |
References | () http://jvndb.jvn.jp/jvndb/JVNDB-2014-000007 - |
Information
Published : 2014-01-22 21:55
Updated : 2024-11-21 02:02
NVD link : CVE-2014-0806
Mitre link : CVE-2014-0806
CVE.ORG link : CVE-2014-0806
JSON object : View
Products Affected
fenrir-inc
- sleipnir_mobile
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor