CVE-2023-39740

The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
Configurations

Configuration 1 (hide)

cpe:2.3:a:linecorp:onigiriya-musubee:13.6.1:*:*:*:*:*:*:*

History

11 Sep 2024, 19:35

Type Values Removed Values Added
CWE CWE-269

31 Oct 2023, 18:46

Type Values Removed Values Added
First Time Linecorp onigiriya-musubee
Linecorp
References (MISC) https://liff.line.me/1657597257-0ozj8DwJ - (MISC) https://liff.line.me/1657597257-0ozj8DwJ - Product
References (MISC) https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39740.md - (MISC) https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39740.md - Exploit, Third Party Advisory
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.2
CPE cpe:2.3:a:linecorp:onigiriya-musubee:13.6.1:*:*:*:*:*:*:*

25 Oct 2023, 18:17

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-25 18:17

Updated : 2024-09-11 19:35


NVD link : CVE-2023-39740

Mitre link : CVE-2023-39740

CVE.ORG link : CVE-2023-39740


JSON object : View

Products Affected

linecorp

  • onigiriya-musubee
CWE
NVD-CWE-noinfo CWE-269

Improper Privilege Management