CVE-2023-22367
CVSS V2 None
CVSS V3 None
Description
Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.
Overview
- CVE ID
- CVE-2023-22367
- Assigner
- vultures@jpcert.or.jp
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-13T02:21:07
- Last Modified Date
- 2023-02-24T06:29:10
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:ichiranusa:ichiran:*:*:*:*:*:android:*:* | 1 | OR | 3.1.0 | |
| cpe:2.3:a:ichiranusa:ichiran:*:*:*:*:*:iphone_os:*:* | 1 | OR | 3.1.0 |
References
| Reference URL | Reference Tags |
|---|---|
| https://apps.apple.com/jp/app/%E4%B8%80%E8%98%AD%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1118806170 | Product |
| https://jvn.jp/en/jp/JVN11257333/ | Third Party Advisory |
| https://play.google.com/store/apps/details?id=jp.co.ichiran.app&hl=ja | Product |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-22367 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22367 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 07:36:24 | Added to TrackCVE | |||
| 2023-04-17 07:36:27 | Weakness Enumeration | new |