6 vulnerabilities found for tiktok by tiktok
FKIE_CVE-2022-28799
Vulnerability from fkie_nvd - Published: 2022-06-02 14:15 - Updated: 2024-11-21 06:57
Severity: HIGH (CVSS 3.1 base score 8.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Summary
The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr | Third Party Advisory | |
| cve@mitre.org | https://hackerone.com/reports/1500614 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1500614 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tiktok:tiktok:*:*:*:*:*:android:*:*",
"matchCriteriaId": "322C127F-DB9B-40F3-930D-25B384EF5A75",
"versionEndExcluding": "23.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n TikTok antes de la versi\u00f3n 23.7.3 para Android permite la toma de posesi\u00f3n de cuentas. Una URL crafteada (deeplink no validado) puede forzar el com.zhiliaoapp.musically WebView a cargar un sitio web arbitrario. Esto puede permitir a un atacante aprovechar una interfaz JavaScript adjunta para la toma de posesi\u00f3n con un solo clic."
}
],
"id": "CVE-2022-28799",
"lastModified": "2024-11-21T06:57:57.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T14:15:46.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1500614"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1500614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-425"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-14319
Vulnerability from fkie_nvd - Published: 2019-09-04 20:15 - Updated: 2024-11-21 04:26
Severity: MEDIUM (CVSS 3.0 base score 6.5, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Summary
The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tiktok:tiktok:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBA9C680-39DE-4089-BAE5-E533A524548B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiktok:tiktok:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D85B139-789D-4B87-8DEE-A49C8D328F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiktok:tiktok:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C407BAF-5B91-492B-8A32-784B33FC0AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiktok:tiktok:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71EBE902-6CFA-4BDB-A7D7-CC43A27D2121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiktok:tiktok:12.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2DE10D-9523-42BB-83FF-5181E777FF32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiktok:tiktok:12.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67267D11-FFEB-41FB-9FB8-853032B79053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiktok:tiktok:12.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D170E8E-49E7-4611-97D2-72DF2CC2C6B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiktok:tiktok:12.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B58028BB-FC7E-4EF3-B274-118F62FB27F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n TikTok (anteriormente Musical.ly) versi\u00f3n 12.2.0 para Android e iOS, realiza una transmisi\u00f3n sin cifrar de im\u00e1genes, videos y likes. Esto permite a un atacante extraer informaci\u00f3n confidencial privada mediante la detecci\u00f3n del tr\u00e1fico de la red."
}
],
"id": "CVE-2019-14319",
"lastModified": "2024-11-21T04:26:29.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-04T20:15:10.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically\u0026hl=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically\u0026hl=en_US"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-28799 (GCVE-0-2022-28799)
Vulnerability from cvelistv5 – Published: 2022-05-30 13:46 – Updated: 2024-08-03 06:03
Summary
The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.
Severity ?
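No CVSS data available in this CVE List record; the fkie_nvd entry for the same CVE on this page carries NVD's CVSS 3.1 base score of 8.8 (HIGH).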
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1500614"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T13:43:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1500614"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities",
"refsource": "MISC",
"url": "https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities"
},
{
"name": "https://hackerone.com/reports/1500614",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1500614"
},
{
"name": "https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr",
"refsource": "MISC",
"url": "https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28799",
"datePublished": "2022-05-30T13:46:19",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14319 (GCVE-0-2019-14319)
Vulnerability from cvelistv5 – Published: 2019-09-04 19:57 – Updated: 2024-08-05 00:12
Summary
The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.
Severity ?
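No CVSS data available in this CVE List record; the fkie_nvd entry for the same CVE on this page carries NVD's CVSS 3.0 base score of 6.5 (MEDIUM).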
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically\u0026hl=en_US"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T19:57:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically\u0026hl=en_US"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically\u0026hl=en_US",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically\u0026hl=en_US"
},
{
"name": "http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg",
"refsource": "MISC",
"url": "http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg"
},
{
"name": "http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image",
"refsource": "MISC",
"url": "http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image"
},
{
"name": "https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf",
"refsource": "MISC",
"url": "https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14319",
"datePublished": "2019-09-04T19:57:59",
"dateReserved": "2019-07-27T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28799 (GCVE-0-2022-28799)
Vulnerability from nvd – Published: 2022-05-30 13:46 – Updated: 2024-08-03 06:03
Summary
The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1500614"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T13:43:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1500614"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities",
"refsource": "MISC",
"url": "https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities"
},
{
"name": "https://hackerone.com/reports/1500614",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1500614"
},
{
"name": "https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr",
"refsource": "MISC",
"url": "https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28799",
"datePublished": "2022-05-30T13:46:19",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14319 (GCVE-0-2019-14319)
Vulnerability from nvd – Published: 2019-09-04 19:57 – Updated: 2024-08-05 00:12
Summary
The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically\u0026hl=en_US"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T19:57:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically\u0026hl=en_US"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically\u0026hl=en_US",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically\u0026hl=en_US"
},
{
"name": "http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg",
"refsource": "MISC",
"url": "http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg"
},
{
"name": "http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image",
"refsource": "MISC",
"url": "http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image"
},
{
"name": "https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf",
"refsource": "MISC",
"url": "https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14319",
"datePublished": "2019-09-04T19:57:59",
"dateReserved": "2019-07-27T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}