CVE-2024-3128

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Replify-Messenger 1.0 on Android. This issue affects some unknown processing of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-258869 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The vendor was contacted early and responded very quickly. He does not intend to maintain the app anymore and will revoke the availability in the Google Play Store.
Configurations

No configuration.

History

21 Nov 2024, 09:28

Type | Values Removed | Values Added
References | https://github.com/ctflearner/Android_Findings/blob/main/Replify-Messenger/Backup.md | https://github.com/ctflearner/Android_Findings/blob/main/Replify-Messenger/Backup.md
References | https://vuldb.com/?ctiid.258869 | https://vuldb.com/?ctiid.258869
References | https://vuldb.com/?id.258869 | https://vuldb.com/?id.258869
References | https://vuldb.com/?submit.307761 | https://vuldb.com/?submit.307761

11 Apr 2024, 01:25

Type | Values Removed | Values Added
Summary | | (es) ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in Replify-Messenger 1.0 on Android. This issue affects some unknown processing of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of the backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-258869 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the manufacturer. NOTE: The vendor was contacted first and responded very quickly. They no longer intend to maintain the application and will revoke its availability in the Google Play Store.

01 Apr 2024, 15:16

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-04-01 15:16

Updated : 2024-11-21 09:28


NVD link : CVE-2024-3128

Mitre link : CVE-2024-3128

CVE.ORG link : CVE-2024-3128



Products Affected

No product.

CWE
CWE-530

Exposure of Backup File to an Unauthorized Control Sphere