CVE-2022-41797
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/10/2022
Last modified:
07/05/2025
Description
Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:lemon8_project:lemon8:*:*:*:*:*:android:*:* | 3.3.5 (excluding) | |
| cpe:2.3:a:lemon8_project:lemon8:*:*:*:*:*:iphone_os:*:* | 3.3.5 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://apps.apple.com/jp/app/lemon8/id1498607143
- https://jvn.jp/en/jp/JVN10921428/index.html
- https://play.google.com/store/apps/details?id=com.bd.nproject&hl=ja&gl=US
- https://apps.apple.com/jp/app/lemon8/id1498607143
- https://jvn.jp/en/jp/JVN10921428/index.html
- https://play.google.com/store/apps/details?id=com.bd.nproject&hl=ja&gl=US