CVE-2024-43201
CVSS V2 None
CVSS V3 None
Description
The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information.
Overview
- CVE ID
- CVE-2024-43201
- Assigner
- cisa-cg
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-23T19:11:39.193Z
- Last Modified Date
- 2024-09-23T19:55:27.448Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://apps.apple.com/us/app/planet-fitness-workouts/id399857015 | release-notes |
| https://dontvacuum.me/bugs/pf/ | third-party-advisory exploit technical-description |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-43201 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43201 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-10-06 09:59:16 | Added to TrackCVE |